Re: is this possible

["Dieter Kluenter" <dieter@dkluenter.de>]

"D'Arcy Smith" <ds.bcit@gmail.com> writes:

> Hi,
>
> I have been looing into LDAP for a few days now (I am fairly new to
> it) and here is what I am attempting to do (but I haven't figured out
> if it is possible).
>
> Currently I have access to an LDAP server that I use with
> apache/subversion to control access.  This works but I would like to
> add some things, such as group information into LDAP to simplify some
> configuration (I have more applciations other than apache/subversion
> that need LDAP authendication).
>
> I am not able to get changes made to the server that I have access to
> so what I figured would make sense is to inplement my own openldap
> server and add the group info there.  I don't want to have the
> passwords in my own LDAP server, I want to pass password requests onto
> the upstream server.
>
> So, is it possible for an openldap server to pass some requests onto
> another server and still provide other information to clients?
>
> Hopefully that is clear :-)

This is feasable, in principle :-).
OpenLDAP supports external authentication mechanisms and proxy
authentication and authorization. But your task is rather hard to
design in a real world. It depends on the abilities of your remote
LDAP server and your authentication environment.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6