directory-dev mailing list archives

From "Alex Karasulu" <akaras...@apache.org>
Subject Re: [ApacheDS] Delegated authenticator ideas
Date Fri, 21 Sep 2007 04:47:49 GMT
Thanks for the feedback.

Alex

On 9/20/07, Marc Boorshtein <mboorshtein@gmail.com> wrote:
>
> > Now I am thinking how to enable delegation to multiple LDAP servers and how
> > to map users to these servers.  Then how do you make users in ApacheDS to
> > another principalDn in the external server?
> >
>
> MyVirtualDirectory handles this as part of the joiner system.  When a
> user binds to the virtual directory the joiner system loads the entry
> and determines all of the 'DN's the user is joined with and attempts a
> bind on each one.  If any succeed the overall bind succeeds.  If all
> the attempts fail the overall bind fails.
>
> For instance a user binds with the DN
>
> uid=tuser,ou=users,dc=domain,dc=com
>
> This user maps to the remote directory entry
>
> uid=tuser,ou=users,c=mycompany,c=us
>
> and is joined to the AD entry
>
> cn=Test User,cn=Users,dc=domain,dc=com
>
> The joiner will attempt an internal bind for both
>
> uid=tuser,ou=users,c=mycompany,c=us
> cn=Test User,cn=Users,dc=domain,dc=com
>
> internally returning success if either succeeds.
>
> I don't know if you want to implement a full joiner subsystem but
> there's one way to implement it.
>
> Marc
>
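
The join-and-bind flow described in the quoted message, as an added Python sketch (not MyVirtualDirectory or ApacheDS code, and not part of the original thread). The backend interface, `delegated_bind`, `fake_server` and the passwords are assumptions; it also goes beyond the message by rejecting empty passwords and by treating an unreachable backend as a failed attempt.

```python
from typing import Callable, Dict, List, Tuple

# Hypothetical backend interface: bind(dn, password) returns True on success,
# False on invalid credentials, and raises ConnectionError if unreachable.
Binder = Callable[[str, str], bool]

def norm_dn(dn: str) -> str:
    # Simplified DN comparison key (lowercase, trimmed RDNs); not full RFC 4514.
    return ",".join(part.strip().lower() for part in dn.split(","))

def delegated_bind(bind_dn: str, password: str,
                   joins: Dict[str, List[Tuple[str, str]]],
                   backends: Dict[str, Binder]) -> Tuple[bool, List[Tuple[str, str]]]:
    """Try a bind on every DN joined to bind_dn; succeed if any one succeeds."""
    if not password:
        # An empty password is an LDAP "unauthenticated bind" (RFC 4513, 5.1.2);
        # a backend may answer success, so never forward it.
        return False, [(bind_dn, "rejected: empty password")]
    audit: List[Tuple[str, str]] = []
    for backend, dn in joins.get(norm_dn(bind_dn), []):
        try:
            ok = backends[backend](dn, password)
        except ConnectionError:
            audit.append((dn, "backend unavailable"))  # fail closed, try the next
            continue
        audit.append((dn, "success" if ok else "invalid credentials"))
        if ok:
            return True, audit
    return False, audit  # no joined DN accepted the password, or none mapped

def fake_server(entries: Dict[str, str], up: bool = True) -> Binder:
    # Constructed stand-in for a remote directory; like some servers, it
    # answers success to an empty-password bind.
    def bind(dn: str, password: str) -> bool:
        if not up:
            raise ConnectionError(dn)
        return password == "" or entries.get(dn) == password
    return bind

# Constructed sample data using the DNs from the message; passwords are made up.
USER = "uid=tuser,ou=users,dc=domain,dc=com"
REMOTE = "uid=tuser,ou=users,c=mycompany,c=us"
AD = "cn=Test User,cn=Users,dc=domain,dc=com"
JOINS = {norm_dn(USER): [("remote", REMOTE), ("ad", AD)]}
BACKENDS = {"remote": fake_server({REMOTE: "remote-pw"}),
            "ad": fake_server({AD: "ad-pw"})}

if __name__ == "__main__":
    for pw in ("ad-pw", "wrong", ""):
        print(repr(pw), delegated_bind(USER, pw, JOINS, BACKENDS))
```

The audit list records the outcome per joined DN, which matters operationally because one wrong password produces a failed bind on every joined backend.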
