[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Embedding Other LDAP Server in OpenLDAP for User Authentification [Virus checked]

To: ems@sparkassen-informatik.de
Subject: Re: Embedding Other LDAP Server in OpenLDAP for User Authentification [Virus checked]
From: Michael Ströder <michael@stroeder.com>
Date: Fri, 04 Apr 2008 16:23:21 +0200
Cc: OpenLDAP <openldap-software@openldap.org>
In-reply-to: <OF4A3AF265.04ED2111-ONC125741D.002B1D95-C1257421.0032A37D@sparkassen-informatik.de>
References: <OF4A3AF265.04ED2111-ONC125741D.002B1D95-C1257421.0032A37D@sparkassen-informatik.de>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080313 SeaMonkey/1.1.9

ems@sparkassen-informatik.de wrote:

I've a tricky problem to solve. We are working with OpenLDAP 2.2.30.

You should definitely upgrade your OpenLDAP installation since status of 2.2.x is historic. Which means there are no (security) updates anymore. Nada!

The authentification-request which our LDAP gets should first forwarded to an other LDAP server (primary LDAP). Just if the authentification failed on the primary LDAP server our LDAP should try to authentificate by himself.

This can be achieved with back-meta/back-ldap. Depending on your name space (uid, DNs) and the search behaviour of your LDAP clients the setup is simple or a little bit more tricky. Again: For this to be successful you should deploy a recent version of OpenLDAP since there has been many changes and fixes also to back-ldap/back-meta/slapo-rwm.

Ciao, Michael.

References:
- Embedding Other LDAP Server in OpenLDAP for User Authentification [Virus checked]
  - From: ems@Sparkassen-Informatik.de

Prev by Date: Re: Non-Ascii characters in certificateExactMatch
Next by Date: openldap and valgrind
Index(es):
- Chronological
- Thread