Hi. I’m new to this list, but risk diving right in
with a question: I am wondering whether the following scenario is possible to
implement using OpenLDAP:

We are a sub-organization within a larger organization and
want to perform authentication against the central LDAP server yet augment query
results with attributes from the DIT of our own LDAP server. In effect,
providing a virtual DIT hiding the details of which attributes come from where
to the applications using it. It is not just a matter of delegation, more of a selective merge
of the attributes available in the 2 DITs.

An example:

Central DIT:
  cn: someone
  userPassword: something
  mail: someone@somewhere.org
  irrelevantAttribute: whatever

Our DIT:
  uid: someone
  inProjects: someProject, someOtherProject

Virtual DIT (auth’ed against Central DIT):
  uid: someone
  mail: someone@somewhere.org
  inProjects: someProject, someOtherProject

Commercial products
such as the Symlabs Directory Extender promise such capabilities but I’d
like to stick with an open solution if at all possible. I guess it might possibly
be implemented in a custom back_perl handler, but is it possible to achieve
using e.g. back_meta or some other “native” OpenLDAP configuration?

Thanks in advance,

/\/\\ads Troest