Re: meta setup
- To: firstname.lastname@example.org
- Subject: Re: meta setup
- From: Gidobo 69 <email@example.com>
- Date: Mon, 5 Jul 2010 11:35:02 +0200
- In-reply-to: <AANLkTikOXVn2bKReluSXl-VDlljo2j_zcIyn7xplsZ7E@mail.gmail.com>
- References: <AANLkTikOXVn2bKReluSXl-VDlljo2j_zcIyn7xplsZ7E@mail.gmail.com>
I tried to set up a single AD + local version with meta.
meta -> domain, com
ad, domain, com -> AD
ldap, domain, com -> localhost configured with hdb
It doesn't seem to work though :/
On Mon, Jun 28, 2010 at 1:05 AM, Gidobo 69 <firstname.lastname@example.org> wrote:
I plan to set up a meta directory. It looks like a normal one according to the openldap descriptions so I was surprised that I was unable to find any howto/faq/forum entry/mailing about it.
Let me describe it:
I have a heterogeneous system and want to have a common ldap system for it. Here is what I have now:
Two AD domains
An openldap db for a software with internal users.
- To be able to authenticate a domain user from either AD.
- To have non-AD users as well.
- To have non-AD attributes for all three.
So for authentication:
If user is an AD user -> authenticate from appropriate DC
If user is a non-AD one -> authenticate from openldap
If I want non-AD attributes added to AD users as well:
If an attribute doesn't exist for an AD user in openldap ask the appropriate DC.
This way I could use AD users and their groups through openldap, have independent non-AD users and have attributes for all users in the openldap local db regardless of authentication source.
Have I missed something and this is too 'exotic'?
ad1.company.com -> AD1 users, authenticates from DC1
ad2.company.com -> AD2 users, authenticates from DC2
ldap.company.com -> 'other' users, authenticates from openldap local db
Attributes mapped. If user is an AD one and attribute doesn't exist in local DB, proxy the query to AD.
Thanks in advance
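The layout sketched at the end of the quoted message (two AD targets plus a local database behind one root), written out as a slapd.conf fragment. This is an added example, not configuration from the thread; the host names, the dc=...,dc=local AD naming contexts, the service-account DN and the credentials are placeholders, and it assumes OpenLDAP 2.4 back-meta with a subordinate hdb glued under the meta suffix.

```conf
# slapd.conf fragment (added example): two AD forests plus a local hdb behind
# one back-meta root.  Comments must start a line; slapd.conf has no inline '#'.
# Order matters: a subordinate database must be defined before its superior.

# Local users and any locally stored attributes.  Binds to DNs under this
# suffix are served here directly (most specific suffix match), never proxied.
database        hdb
suffix          "dc=ldap,dc=company,dc=com"
rootdn          "cn=admin,dc=ldap,dc=company,dc=com"
directory       /var/lib/ldap/local
index           objectClass,uid eq
subordinate

# Virtual root.  Binds and searches are routed to the target whose naming
# context matches the request DN, so AD users authenticate against their own DC.
database        meta
suffix          "dc=company,dc=com"
rootdn          "cn=admin,dc=company,dc=com"
overlay         glue

# Target: first AD forest.  LDAPS keeps forwarded passwords off the wire.
# The URI carries the LOCAL naming context; suffixmassage maps it to the
# remote one (dc=ad1,dc=local is a placeholder for the real AD suffix).
uri             "ldaps://dc1.ad1.company.com/dc=ad1,dc=company,dc=com"
suffixmassage   "dc=ad1,dc=company,dc=com" "dc=ad1,dc=local"
# AD refuses anonymous searches: assert a read-only service account for
# searches while user binds are forwarded untouched (mode=none, no proxyAuthz).
# Keep the credentials in an include file readable only by the slapd user.
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,cn=Users,dc=ad1,dc=local"
                credentials="PLACEHOLDER-SERVICE-ACCOUNT-PASSWORD"
                mode=none
# Let clients keep using uid / inetOrgPerson against AD accounts.
map attribute   uid sAMAccountName
map objectclass inetOrgPerson user
# AD hands out referrals for other partitions; chasing them only slows searches.
chase-referrals no

# Target: second AD forest, same pattern.
uri             "ldaps://dc1.ad2.company.com/dc=ad2,dc=company,dc=com"
suffixmassage   "dc=ad2,dc=company,dc=com" "dc=ad2,dc=local"
idassert-bind   bindmethod=simple
                binddn="cn=ldap-proxy,cn=Users,dc=ad2,dc=local"
                credentials="PLACEHOLDER-SERVICE-ACCOUNT-PASSWORD"
                mode=none
map attribute   uid sAMAccountName
map objectclass inetOrgPerson user
chase-referrals no
```

Storing extra local attributes on AD entries (the third requirement in the quoted message) is not something back-meta does by itself; that is the job of the translucent overlay (slapo-translucent), which is not shown here.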