Thanks for the feedback. 


On 9/20/07, Marc Boorshtein <> wrote:
> Now I am thinking how to enable delegation to multiple LDAP servers and how
> to map users to these
>  servers.  Then how do you make users in ApacheDS to another principalDn in
> the external server?

MyVirtualDirectory handles this as part of the joiner system.  When a
user binds to the virtual directory the joiner system loads the entry
and determines all of the 'DN's the user is joined with and attempts a
bind on each one.  If any succeed the overall bind succeeds.  If all
the attempts fail the overall bind fails.

For instance a user binds with the DN


This user maps to the remote directory entry


and is joined to the AD entry

cn=Test User,cn=Users,dc=domain,dc=com

The joiner will attempt an internal bind for both

cn=Test User,cn=Users,dc=domain,dc=com

internally returning success if either succeeds.

I don't know if you want to implement a full joiner subsystem but
there's one way to implement it.