[Date Prev][Date Next]
Re: forwarding search queries + auth across multiple backends
> i would like to integrate 2 userdirectories (one stored directly in a
> slapd ldbm database, the other one stored in a sql database with an
> back-sql interface) into a single userdirectory. (to be able to use
> pam-ldap and libnss-ldap)
> the problem is that back-meta doesn't work for this, because auth data
> isn't forwarded.
> when i mount the two backends in the same slapd, only the more specific
> one is queried when doing a search.
> i can't use referrals because pam-ldap and libnss-ldap don't follow
> is there another possibility to solve this problem?
> would specifying on of the backends as subordinate be a possible
> solution? (according to the docs it seems so, i just played a little bit
> around with this option, but wasn't able to get it working.)
You can glue the local and the sql backend
together; this solves the auth propagation
problem; otherwise, if the sql database is
remote, you can glue the local database and
a back-ldap together, with the back-ldap
pointing to the server where the back-sql
is active. Back-ldap supports proxyAuth
propagation (there has been some traffic
on the subject, I'll need to write a FAQ
entry for that).