
Re: Infrastructure for authentication using referrals



Luiz M Oliveira <85marcelo@gmail.com> writes:

> Hello everyone
>
> I'm having trouble configuring a distributed environment directories. I have the following
> scenario:
>
> A company with three departments (departments A, B and C) separated geographically. In each
> department a server is configured to store user input for authentication.
>
> The suffix of the directory of the three departments are configured as
>
> dc = company, dc = com
>
> Below the root directory of the three branches are configured. Using the example of the
> department A:
>
>  Department_A dc =, dc = company, dc = com: has the user input in that department.
>  departamento_B dc =, dc = company, dc = com: stores a referral to server B department
>  departamento_C dc =, dc = company, dc = com: stores a referral to server B from the
> Department
>
> All departments follow this structure, but each department is set up a referral for other
> outlying departments.
>
> If a user of the department is located on the department network and B want to authenticate to
> that site, to query the server B, you receive a referral for their department of origin.
>
> Can I implement this authentication scenario, with all servers using the same suffix and below
> referrals implemented for the branches of foreign departments?

I would probably define subordinate ldap backends instead of
referrals. Something like

database ldap
suffix ou=department_A,dc=company,dc=com
...
subordinate

database ldap
suffix ou=department_B,dc=company,dc=com
...
subordinate

database hdb
suffix dc=company,dc=com
...

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
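
The layout suggested in the reply above, written out for the server in department A as an added example. It is not part of the original message. The hostnames, file paths and rootdn are placeholders, and it assumes department A's own entries live in the local database while departments B and C are proxied. Because a bind under a proxied suffix is passed on to the remote server, the proxy connections use StartTLS with certificate verification.

```conf
# slapd.conf on the department A server (added example; all hostnames,
# paths and the rootdn below are placeholders, not values from the thread).

# Subordinate databases are declared before the database that holds
# their parent suffix, as in the reply above.

# Department B: operations under this suffix, including binds, are
# forwarded to department B's server by back-ldap.
database    ldap
suffix      "ou=department_B,dc=company,dc=com"
uri         "ldap://ldap-b.example.com"
# Require StartTLS and a verifiable server certificate, so forwarded
# passwords never cross the inter-site link in cleartext.
tls         start tls_cacert=/etc/ssl/certs/company-ca.pem tls_reqcert=demand
subordinate

# Department C: same pattern, pointing at department C's server.
database    ldap
suffix      "ou=department_C,dc=company,dc=com"
uri         "ldap://ldap-c.example.com"
tls         start tls_cacert=/etc/ssl/certs/company-ca.pem tls_reqcert=demand
subordinate

# Local database: holds the root entry and department A's own users.
# The subordinate keyword above glues B and C into this suffix, so a
# search based at dc=company,dc=com also covers the proxied subtrees.
database    hdb
suffix      "dc=company,dc=com"
directory   /var/lib/ldap/company
rootdn      "cn=admin,dc=company,dc=com"
```

The servers in departments B and C would carry the mirror image of this file, each keeping its own department local and proxying the other two.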