[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: meta setup

No ideas?

I tried to set up a single AD + local version with meta.

meta -> domain, com
 ad, domain, com -> AD
 ldap, domain, com -> localhost with configured with hdb

It doesn't seem to work though :/


On Mon, Jun 28, 2010 at 1:05 AM, Gidobo 69 <gidobo69@gmail.com> wrote:


I plan to set up a meta directory. It looks like a normal one according to the openldap descriptions so I was surprised that I was unable to find any howto/faq/forum entry/mailing about it.

Let me describe it:

I have a heterogeneous system and want to have a common ldap system for it. Here is what I have now:

Two AD domains
An openldap db for a software with internal users.

My aim:
 - To be able to authenticate a domain user from either AD.
 - To have non-AD users as well.
 - To have non-AD attributes for all three.

So for authentication:

 If user is an AD user -> authenticate from appropriate DC
 If user is a non-AD one -> authenticate from openldap

 If I want non-AD attribute added to AD users as well.
 If an attribute doesn't exist for an AD user in openldap ask the appropriate DC.

This way I could user AD users and their groups through openldap, have independent non-AD users and have attributes for all users in openldap local db regardless of authentication source.

Have I missed something and this is too 'exotic'?

ad1.company.com -> AD1 users, authenticates from DC1
ad2.company.com -> AD2 users, authenticates from DC2
ldap.company.com -> 'other' users, authenticates from openldap local db

Attributes mapped. If user is an AD one and attribute doesn't exists in local DB, proxy the query to AD.

Thanks in advance