[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: is this possible

"D'Arcy Smith" <ds.bcit@gmail.com> writes:

> Hi,
> I have been looing into LDAP for a few days now (I am fairly new to
> it) and here is what I am attempting to do (but I haven't figured out
> if it is possible).
> Currently I have access to an LDAP server that I use with
> apache/subversion to control access.  This works but I would like to
> add some things, such as group information into LDAP to simplify some
> configuration (I have more applciations other than apache/subversion
> that need LDAP authendication).
> I am not able to get changes made to the server that I have access to
> so what I figured would make sense is to inplement my own openldap
> server and add the group info there.  I don't want to have the
> passwords in my own LDAP server, I want to pass password requests onto
> the upstream server.
> So, is it possible for an openldap server to pass some requests onto
> another server and still provide other information to clients?
> Hopefully that is clear :-)

This is feasable, in principle :-).
OpenLDAP supports external authentication mechanisms and proxy
authentication and authorization. But your task is rather hard to
design in a real world. It depends on the abilities of your remote
LDAP server and your authentication environment.


Dieter Klünter | Systemberatung