
the best and the shortest way ?

Hi everyone,

I'm stopped with technical stuff tryin' to deploy a specific backend meta.

(see here : http://www.openldap.org/lists/openldap-software/200701/msg00190.html

and here : http://www.openldap.org/lists/openldap-software/200701/msg00272.html )

So I will try to explain what I want, and maybe what I'm tryin' to do is not the best way :)

The background :

1) there is a general openldap directory existing D1, on which I just have a system account to read its data
--> no anonymous bind permitted to access the data, I need to call ldapsearch this way to retrieve any results :

ldapsearch -x -D "cn=toto,ou=system,dc=univ-paris7,dc=fr" -w xxxx -H ldaps://ldap.univ-paris.fr -b "ou=people,dc=univ-paris7,dc=fr" cn mail -LLL

2) the fact is that I need authentication data on people who are not in that directory D1, so I have to build my own LDAP directory D2; and I don't want any data redundancy between D1 and D2
--> D1 (union) D2 = empty set

3) to have a unique way to get authentication in Apache for example, so that people from D1 AND D2 can access, I've been thinkin' that the best solution was to deploy an OpenLDAP meta backend D3 that would transmit the authentication requests both to D1 and D2.
--> D1 and D2 are D3's targets.

Is this the simplest way ? Are there any solutions to implement that ?

The technical stuff

See the previous posts to see what stops me. Directories with anonymous binds don't have any problems being targeted, but as soon as authentication is needed, access is refused whenever I give a dn to authenticate ...


Julien Oix
UFR d'Informatique - Université Paris Diderot

Bureau 5C01 (5ème étage)
175 rue du Chevaleret
75013 PARIS

Tel : +33 (0) 144 278 504
Mobile : +33 (0) 664 392 207