On Wednesday 30 June 2010, 12:14:05, Tunguskin Petr wrote:
> Hello.
>
> I have one program which can authenticate with LDAP server and Active
> Directory with read access. I need to authenticate extra users, but I
> can't add them to Active Directory for security reasons. Program can
> work with only one LDAP source.
>
> I have tried to use openldap chain overlay to join local and remote
> LDAP databases with referrals. Search works fine, but bind operation
> doesn't work, openldap writes error: <= bdb_dn2id: get failed:
> DB_NOTFOUND: No matching key/data pair found (-30989)
>
> Is it possible to bind to remote LDAP records with chain overlay?
>
> ------------------------------------------
> database bdb
> suffix "dc=local"
> rootdn "cn=ldapadmin,dc=local"
> rootpw 12345678
>
> directory /var/lib/ldap
>
> overlay chain
> chain-uri "ldap://10.1.1.1/"
> chain-rebind-as-user TRUE
> chain-cache-uri true
> chain-chaining resolve=chainingRequired
> continuation=chainingRequired chain-idassert-bind
> bindmethod="simple"
> binddn="cn=ldapuser,cn=Users,dc=test,dc=local"
> credentials="123"
> mode="none"
> ----------------------------------------
>
> Could you recommend another solution?

Set up a proxy database (using the "ldap" backend) and glue it with your local bdb database using the "subordinate" keyword in slapd.conf. (See the slapd.conf(5) man-page.)
-- Ralf
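
A slapd.conf sketch of the proxy-plus-glue layout suggested in the reply above, added here as an illustration; it is not configuration posted by either participant. It assumes the Active Directory naming context is dc=test,dc=local (inferred from the binddn in the question), and the password values are placeholders.

```conf
# Added example (not from the thread). Assumed: AD base is dc=test,dc=local.

# --- Proxy database (back-ldap) ---------------------------------------
# A subordinate database must be declared BEFORE the database it is
# glued under, and its suffix must lie below the superior's suffix.
database        ldap
suffix          "dc=test,dc=local"
subordinate
# ldap:// carries simple-bind passwords in cleartext; use ldaps:// or
# StartTLS towards AD where the deployment allows it.
uri             "ldap://10.1.1.1/"
# The client only needs to read and bind; refuse writes at the proxy.
readonly        on
# Let the remote server answer; do not chase its referrals from here.
chase-referrals no
rebind-as-user  yes
# Service account used for operations that are not a user's own bind.
idassert-bind   bindmethod=simple
                binddn="cn=ldapuser,cn=Users,dc=test,dc=local"
                credentials="<AD-service-account-password>"
                mode=none
# Assumption: the program binds as a local identity under dc=local and
# then searches; only those identities may use the service account.
idassert-authzFrom "dn.subtree:dc=local"

# --- Local database holding the extra users ----------------------------
database        bdb
suffix          "dc=local"
rootdn          "cn=ldapadmin,dc=local"
# Placeholder: store a hash generated with slappasswd, not a cleartext value.
rootpw          {SSHA}<hash-from-slappasswd>
directory       /var/lib/ldap
```

With this layout a bind for a DN under dc=test,dc=local is handled by the ldap backend and checked by the remote server, while DNs elsewhere under dc=local are checked against the local bdb database; a search based at dc=local spans both.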