
Re: Backend authentication



>I have read-only access to a "master" LDAP server, but don't have the
>authority to create objects or extend the schema of the LDAP server.  I plan
>to set up my own local LDAP server (OpenLDAP 2.1.22).  However, I would like
>to utilize the "master" server for authentication purposes so that when
>users change their "master" password they can still log into my local LDAP
>server.
>Is this possible?
>Ideally I would prefer to set up a "shadow" system: if an object has a value
>in the local server then use that, otherwise look up the value in the
>"master" server.  Again, is this possible?

I haven't tried it, but can you create a back-ldap entry that points to the
"master" and a back-bdb that is 'subordinate'?


# local back-bdb database, marked as subordinate
database bdb
suffix  "ou=HooHa,ou=...,dc=nakedgeeks,dc=ru"
directory /var/lib/ldap
...
subordinate

# back-ldap database that points to the "master"
database ldap
lastmod off
uri     "ldap://master"
rebind-as-user

Would that work?