Thanks for the feedback.
> Now I am thinking how to enable delegation to multiple LDAP servers and how
> to map users to these
> servers. Then how do you make users in ApacheDS to another principalDn in
> the external server?
MyVirtualDirectory handles this as part of the joiner system. When a
user binds to the virtual directory the joiner system loads the entry
and determines all of the 'DN's the user is joined with and attempts a
bind on each one. If any succeed the overall bind succeeds. If all
the attempts fail the overall bind fails.
For instance a user binds with the DN
This user maps to the remote directory entry
and is joined to the AD entry
The joiner will attempt an internal bind for both
internally returning success if either succeeds.
I don't know if you want to implement a full joiner subsystem but
there's one way to implement it.