Re: Redirect bind requests to another server
Dieter Kluenter wrote:
> Andreas Moroder <firstname.lastname@example.org> writes:
>> we have a web application that authenticates via openldap. Now a second
>> hospital should use this same application, but they have their own
>> authentication server, active directory in this case.
>> In our network the users authenticate giving their username ( amoroder
>> in my case ) and password. Is it possible to configure openldap to
>> redirect the bind request to the remote server when the username
>> contains an extension like jsmith@remote ? Does this work with AD as
>> second/remote authentication server ?
>
> What you are requesting is some sort of X.500 DAP services plus the
> service of a virtual directory. This could partly be achieved with

It can be entirely achieved with OpenLDAP. Using the rewrite overlay to map
usernames, you can then relay the requests to either a local DB or back-ldap.

> it would be easier to put a virtual directory in front of
> OpenLDAP and AD and have all users to authenticate against the virtual

OpenLDAP is already capable of acting as a virtual directory....
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
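
A sketch of the setup described in the reply above, as an added example that is not from the original message or from the OpenLDAP project: a global slapo-rwm overlay rewrites the bind DN, and slapd then selects the local database or a back-ldap proxy by suffix. All suffixes, host names and paths are placeholders. It assumes the application binds as uid=<login>,ou=people,dc=local,dc=example and that the remote entries are named cn=<login> under cn=Users, which a real AD deployment may not satisfy.

```conf
# slapd.conf fragment (constructed; every name, host and path is a placeholder)

# Global section: an overlay declared before the first "database" line
# runs before slapd selects a backend for the operation.
overlay            rwm
rwm-rewriteEngine  on
rwm-rewriteContext bindDN
# uid=jsmith@remote,ou=people,dc=local,dc=example
#   -> cn=jsmith,cn=Users,dc=remote,dc=example
# Logins without "@remote" do not match and reach the local database unchanged.
rwm-rewriteRule "^uid=([^,@]+)@remote,ou=people,dc=local,dc=example$" "cn=$1,cn=Users,dc=remote,dc=example" ":@"

# Local users: authenticated against slapd's own data.
database   mdb
suffix     "dc=local,dc=example"
directory  /var/lib/ldap/local
maxsize    1073741824

# Remote hospital: binds under this suffix are relayed through back-ldap.
database         ldap
suffix           "dc=remote,dc=example"
uri              "ldap://ad.remote.example/"
# The relayed bind carries the user's password, so require StartTLS and
# verify the remote server's certificate.
tls              start tls_cacert=/etc/ldap/remote-ca.pem tls_reqcert=demand
chase-referrals  no
```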