Re: Redirect bind requests to another server

[Michael Ströder <michael@stroeder.com>]

Dieter Kluenter wrote:
> Andreas Moroder <andreas.moroder@sb-brixen.it> writes:
>
> > Hello,
> >
> > we have a web application that autenticates via openldap. Now a second
> > hospital should use this same application, but they have their own
> > autentication server, active directory in this case.
> >
> > In our network the users authenticate giving their username ( amoroder
> > in my case ) and password. Is it possible to configure openldap to
> > redirect the bind request to the remote server when the username
> > contains an extension like jsmith@remote ? Does this work with AD as
> > second/remote authentication server ?
>
> What you are requesting is some sort of X.500 DAP services plus the
> service of a virtual directory.

"Virtual directory", yet another buzz-word (sigh!). After the 
buzz-word "meta directory" was burnt out we badly needed this. ;-)
Sorry, but such terms implicate that you can buy a full-featured 
off-the-shelf solution without thinking about what you really 
need. That's simply not true.

> This could partly be achieved with
> OpenLDAP, it would be easier to put a virtual directory in front of
> OpenLDAP and AD and have all users to authenticate against the virtual
> directory[1]. 

No matter what you put in front (OpenLDAP can do it) you have to 
use your brain and think about name spaces of AD and the user IDs 
and put the result of that into a configuration (e.g. OpenLDAP's 
slapd.conf).

Ciao, Michael.