What I was thinking about was setting up a means to bind to one ldap server based on the users that exist in a 2nd ldap server. What I want to do is have one ldap server with contact information in it and one with user information (on a separate box). And I want to be able to have the users bind to the contact server without having to duplicate their login info.
What I tried to do was put a referral in my slapd.conf that pointed to the user server. This portion worked. I can do ldap searches on the contact server that can return results that exist only on the user server.
Then I added an acl that looked something like this:
access to *
    by dn=".*,o=users.company.com" read
What happens, though, when I try to bind to do an ldapsearch is that I get:
ldap_bind: Inappropriate authentication
Anyone have any thoughts as to whether this should work, or why it shouldn't work?
Thanks
--
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you.
Beyond Good and Evil
Friedrich Wilhelm Nietzsche