So, I wish to deploy a directory service application that is aware of existing network users' credentials, but has the capacity to create its own user credentials if so inclined. The enterprise it is to be deployed within may have a variety of functioning directory services or potentially none at all. My server will contain data which will be filtered depending upon the user. I plan to use LDAP ACLs to perform the filtering.
My thought is to deploy a directory server and have all surrounding servers replicate their user credentials to my server. In this way I should be able to perform all authentications against my own server, correct? It seemed that if I performed the authentication against the original server, I could not make use of ACLs applied to the data on my server. Am I correct in these assumptions? Does anyone have any ideas on the design of this kind of application?
Thanks for your time.