[Date Prev][Date Next] [Chronological] [Thread] [Top]

remote authentication

To: openldap-software@OpenLDAP.org
Subject: remote authentication
From: Chuck Schied <cschied@orion.ac.hmc.edu>
Date: Thu, 22 Jul 1999 15:54:36 -0700 (PDT)
In-reply-to: <3.0.5.32.19990722145835.00921250@localhost>

So, I've searched archives, FAQs, etc. and haven't found anything about
this.  I want to know if it is possible to bind (with a password) to one
LDAP server as a DN that is not in that server's database:

I have a database w/ suffix 'o=College1,c=US' and a second w/ suffix
'o=College2,c=US'.  Then, in College1's database, I have a DN
'cn=web500-college2,o=College1,c=US' and it has a userpassword attribute
associated with it.  In College2's slapd.conf file, I have an ACL that
says

access to dn=".*o=College2,c=US$"
  by dn="^web500-college2,o=College1,c=US$" read

I also have a reference to College2 in College1's database.  So, when I
search College1 (specifically via web500gw, but it does the same thing
regardless of which client I use) it searches both colleges.  However, it
won't return anything from College2's database (the ACL above is the only 
one that I am using for College2, except for defaultaccess none and 
access to attr=userpassword
  by self write
  by * none).

Since web500-college2 doesn't exist in College2's database, it seems to
make sense that I wouldn't be able to bind via the reference as
web500-college2,o=College1.  So, is there some way to make College2 ask
College1 to do the authentication for web500-college2,o=College1 ???

Thanks a lot!
-- 

Chuck Schied
Harvey Mudd College
cschied@hmc.edu

References:
- Re: Web_LDAP
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: Web_LDAP
Next by Date: Netscape proxy in firewall flooding slapd
Index(es):
- Chronological
- Thread