
Re: Authenticating with multiple databases



On Thu, Apr 15, 2010 at 09:02:42AM -0500, Ian Gillman wrote:

> In other words, database A (DBa) has user A's (Ua) credentials and database B (DBb) has user B's (Ub) credentials. We would like to be able to talk to either DBa or DBb and get back the user credentials and authentication for both Ua and Ub.
> 
> Is there some way I can set up OpenLDAP to be able to try and authenticate a user request locally and then, if that fails, to authenticate the request remotely without the requestor having to know about the remote database? We do not want to replicate information between the databases.

You could set up each database to chain requests to the other so that
clients do not need to be aware of the separation. The clients would
need to use a base DN in their search requests that covers both
databases, so you may need to create a new suffix to cover that or use
slapd-relay and slapo-rwm to remap the DIT.

I don't think there is any easy way to force the search to use local
data first, so you may have problems if the link between the two
servers goes down.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------
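
One way the chaining arrangement described in the reply could be laid out on server A, as an added slapd.conf example that is not part of the original message. It uses back-ldap as a subordinate database under a common parent suffix; every suffix, host name, path and DN here is an assumption made for illustration.

```conf
# slapd.conf on server A (constructed example, not from the thread).
# Assumed layout: both sites share the parent suffix dc=example,dc=com,
# A's users live under ou=siteA, B's users under ou=siteB.

# B's subtree, served by proxying to server B with back-ldap.
# A database whose suffix sits inside another database's suffix must be
# declared first, and "subordinate" glues it under that parent so that a
# subtree search from dc=example,dc=com covers both.
database     ldap
suffix       "ou=siteB,dc=example,dc=com"
subordinate
# Binds for DNs under this suffix are passed on to server B, so the link
# carries user passwords: use ldaps (or StartTLS), never plain ldap.
uri          "ldaps://ldap-b.example.com/"

# Parent suffix, holding A's own entries (ou=siteA) locally.
database     hdb
suffix       "dc=example,dc=com"
directory    /var/lib/ldap/example
rootdn       "cn=Manager,dc=example,dc=com"
index        objectClass eq
index        uid eq
```

Server B would carry the mirror image, with ou=siteA proxied to server A, and clients on either side would search from the assumed base dc=example,dc=com.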