Creating a virtual DIT?

Hi. I’m new to this list, but risk diving right in with a question:


I am wondering whether the following scenario is possible to implement using OpenLDAP:


We are a sub-organization within a larger organization and want to perform authentication against the central LDAP server yet augment query results with attributes from the DIT of our own LDAP server. In effect, providing a virtual DIT hiding the details of which attributes come from where to the applications using it.


It is not just a matter of delegation, more of a selective merge of the attributes available in the 2 DITs. An example:


Central DIT:

            cn: someone
            userPassword: something
            mail: someone@somewhere.org
            irrelevantAttribute: whatever

Our DIT:

            uid: someone
            inProjects: someProject, someOtherProject

Virtual DIT (auth’ed against Central DIT):

            uid: someone
            mail: someone@somewhere.org
            inProjects: someProject, someOtherProject


Commercial products such as the Symlabs Directory Extender promise such capabilities, but I’d like to stick with an open solution if at all possible. I guess it might possibly be implemented in a custom back_perl handler, but is it possible to achieve using e.g. back_meta or some other “native” OpenLDAP configuration?


Thanks in advance,

   /\/\\ads Troest