Re: forwarding search queries + auth across multiple backends

["Pierangelo Masarati" <ando@sys-net.it>]

> hi,
>
> i would like to integrate 2 userdirectories (one stored directly in a
> slapd ldbm database, the other one stored in a sql database with an
> back-sql interface) into a single userdirectory. (to be able to use
> pam-ldap and libnss-ldap)
>
> the problem is that back-meta doesn't work for this, because auth data
> isn't forwarded.
>
> when i mount the two backends in the same slapd, only the more specific
> one is queried when doing a search.
>
> i can't use referrals because pam-ldap and libnss-ldap don't follow
> them.
>
> is there another possibility to solve this problem?
>
> would specifying on of the backends as subordinate be a possible
> solution? (according to the docs it seems so, i just played a little bit
> around with this option, but wasn't able to get it working.)

You can glue the local and the sql backend
together; this solves the auth propagation
problem; otherwise, if the sql database is
remote, you can glue the local database and
a back-ldap together, with the back-ldap
pointing to the server where the back-sql
is active.  Back-ldap supports proxyAuth
propagation (there has been some traffic
on the subject, I'll need to write a FAQ
entry for that).

p.


-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it