Johannes Knauf <johannes.kn...@physik.uni-erlangen.de> 2012-10-16 08:10:
If you are administrating at least 1 of the 2 LDAP servers, you can use pass-through authentication as an alternative. It is described in http://www.openldap.org/doc/admin24/security.html
Then, pam_ldap authenticates to LDAP server 1 only, which holds information about all users. For local users on server 1 it holds a hash, for remote users on server 2, it holds a string {SASL}username@server2 instead of the hash. If a user from server 2 tries to bind against server 1, authentication is delegated to server 2. A tutorial can be found in http://wiki.debian.org/LDAP/PAM
In my case they aren't actually separate servers, so to set yet another pair up just to do this would be overly complex.
Brian
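An added example, not part of either post: with pass-through authentication, the userPassword value decides whether a bind is verified locally or handed to another server, so it is worth auditing which entries delegate and to whom. The sketch below reads an LDIF export and classifies each userPassword; the sample entries, DNs and the function names are constructed for illustration, and it assumes plain (non-base64) DNs.

```python
import base64
import re

# Constructed sample LDIF (not from the thread); DNs and values are made up.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
userPassword: {SSHA}Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA==

dn: uid=bob,ou=people,dc=example,dc=org
userPassword: {SASL}bob@server2

dn: uid=carol,ou=people,dc=example,dc=org
userPassword:: e1NBU0x9Y2Fyb2xA
 c2VydmVyMg==

dn: uid=dave,ou=people,dc=example,dc=org
userPassword: hunter2
"""

def unfold(ldif):
    # LDIF continuation lines start with one space and extend the previous line.
    return re.sub(r"\n ", "", ldif)

def classify(value):
    # Returns (kind, detail): delegated -> SASL identity, local-hash -> scheme name.
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return ("no-scheme", None)  # no {SCHEME} prefix at all
    scheme = m.group(1).upper()
    if scheme == "SASL":
        return ("delegated", m.group(2))
    return ("local-hash", scheme)

def audit(ldif):
    # Maps each DN to the classification of every userPassword value it holds.
    results = {}
    for entry in unfold(ldif).strip().split("\n\n"):
        dn, values = None, []
        for line in entry.splitlines():
            name, _, rest = line.partition(":")
            if name.lower() == "dn":
                dn = rest.strip()
            elif name.lower() == "userpassword":
                if rest.startswith(":"):  # '::' marks a base64-encoded value
                    rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                values.append(rest.strip())
        if dn:
            results[dn] = [classify(v) for v in values]
    return results
```

The base64 case matters because exports usually encode userPassword, so a plain text search for {SASL} over the LDIF misses delegated entries.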