directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marc Boorshtein" <mboorsht...@gmail.com>
Subject Re: [ApacheDS] Delegated authenticator ideas
Date Fri, 21 Sep 2007 01:50:02 GMT
> Now I am thinking how to enable delegation to multiple LDAP servers and how
> to map users to these
>  servers.  Then how do you make users in ApacheDS to another principalDn in
> the external server?
>

MyVirtualDirectory handles this as part of the joiner system.  When a
user binds to the virtual directory the joiner system loads the entry
and determines all of the 'DN's the user is joined with and attempts a
bind on each one.  If any succeed the overall bind succeeds.  If all
the attempts fail the overall bind fails.

For instance a user binds with the DN

uid=tuser,ou=users,dc=domain,dc=com

This user maps to the remote directory entry

uid=tuser,ou=users,c=mycompany,c=us

and is joined to the AD entry

cn=Test User,cn=Users,dc=domain,dc=com

The joiner will attempt an internal bind for both

uid=tuser,ou=users,c=mycompany,c=us
cn=Test User,cn=Users,dc=domain,dc=com

internally returning success if either succeeds.

I don't know if you want to implement a full joiner subsystem but
there's one way to implement it.

Marc

Mime
View raw message