MOROZZO Valerio wrote:
Good morning,
Hoping to join to right forum, I please would like to describe how I
configured apache/openldap on my linux box in order to get your suggestion and
verify if it could be the clever way or not.
Customer asked me to protect via basic-authentication/mod_ldap a site, where
users that can access have to be validated into two different ldap repository
depending on the user type:
- If the user is in "flat" format, like "Surname Name", it has to be checked on
an active directory
- if the user is in "e-mail" format, like [EMAIL PROTECTED], it has to be
checked on an Ibm ldap server
In both cases, the given username is the first part of a bind DN, so it can directly used
to bind on ldap (other OU and suffix after "cn=xxxxx," are not the same on both
ldap)
In order to solve that, I configured an ldap server, where apache mod-ldap
points to; this ldap server, via back-meta and regular expression, then
contacts the right ldap and authenticate.
Do you think it could be the right approach to the problem?
I wonder how Windows does it? One can, if AD is so configured, login as
[EMAIL PROTECTED] to authenticate against the specific domain instead of
the one the Windows box belongs to. There needs to be a trust
relationship between the two domains.
I don't think client software should be concerned with choosing which
LDAP server to use, any more than DNS clients do. On reflection, I don't
think client software _can_ do so reliably.
Someone here might know, but perhaps the question's better asked at the
openldap or *directory server site.
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
