Thanks for the feedback. 

Alex

On 9/20/07, Marc Boorshtein <mboorshtein@gmail.com> wrote:
> Now I am thinking how to enable delegation to multiple LDAP servers and how
> to map users to these servers.  Then how do you make users in ApacheDS to
> another principalDn in the external server?
>

MyVirtualDirectory handles this as part of the joiner system.  When a
user binds to the virtual directory, the joiner system loads the entry,
determines all of the DNs the user is joined with, and attempts a
bind on each one.  If any succeed, the overall bind succeeds.  If all
the attempts fail, the overall bind fails.

For instance a user binds with the DN

uid=tuser,ou=users,dc=domain,dc=com

This user maps to the remote directory entry

uid=tuser,ou=users,c=mycompany,c=us

and is joined to the AD entry

cn=Test User,cn=Users,dc=domain,dc=com

The joiner will attempt an internal bind for both

uid=tuser,ou=users,c=mycompany,c=us
cn=Test User,cn=Users,dc=domain,dc=com

internally returning success if either succeeds.

I don't know if you want to implement a full joiner subsystem but
there's one way to implement it.

Marc
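
The fan-out bind described in the message above, as an added sketch that is not MyVirtualDirectory's code or part of the original thread. The `Joiner` and `Backend` classes, the in-memory credential stores and the passwords are constructed for illustration; a real backend would perform a simple bind against the remote server over TLS.

```python
from dataclasses import dataclass, field

def norm(dn):
    """Simplified DN normalization (assumption: no escaped commas, not full RFC 4514)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

@dataclass
class Backend:
    """Stand-in for a remote LDAP server holding constructed credentials."""
    name: str
    creds: dict                                   # normalized DN -> password
    attempts: list = field(default_factory=list)  # audit trail of delegated binds

    def bind(self, dn, password):
        self.attempts.append(dn)
        return self.creds.get(norm(dn)) == password

class Joiner:
    """Maps one virtual DN to the entries it is joined with on other servers."""
    def __init__(self):
        self.joins = {}  # normalized virtual DN -> [(backend, joined DN)]

    def join(self, virtual_dn, backend, joined_dn):
        self.joins.setdefault(norm(virtual_dn), []).append((backend, joined_dn))

    def bind(self, virtual_dn, password):
        # An empty password is an unauthenticated bind (RFC 4513, section 5.1.2).
        # A backend that accepts it would turn "any success" into "everyone
        # succeeds", so refuse it before delegating.
        if not password:
            return False
        targets = self.joins.get(norm(virtual_dn), [])
        # Succeeds if any joined entry accepts the password; stops at the first
        # success. A DN with no joined entries fails closed.
        return any(backend.bind(dn, password) for backend, dn in targets)

VIRTUAL_DN = "uid=tuser,ou=users,dc=domain,dc=com"
REMOTE_DN = "uid=tuser,ou=users,c=mycompany,c=us"
AD_DN = "cn=Test User,cn=Users,dc=domain,dc=com"

def build_demo():
    """Wire up the three DNs from the message with constructed passwords."""
    remote = Backend("remote", {norm(REMOTE_DN): "remote-pw"})
    ad = Backend("ad", {norm(AD_DN): "ad-pw"})
    joiner = Joiner()
    joiner.join(VIRTUAL_DN, remote, REMOTE_DN)
    joiner.join(VIRTUAL_DN, ad, AD_DN)
    return joiner, remote, ad
```

Because every joined server is tried, a single wrong password sent to the virtual directory counts as a failed attempt on each backend, which matters where account lockout thresholds are enforced.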