directory-users mailing list archives

From "Mittal, Nitin (US - Mumbai)"
Subject Authentication against a group of directory servers
Date Tue, 16 Oct 2007 15:15:53 GMT

I now have a better understanding of referral chasing.
Here is the description of the problem that I am facing currently.

I have a set up of two ApacheDS instances 'LDAP_A' & 'LDAP_B' running on different machines.
LDAP_A and LDAP_B both have their user stores. LDAP_A also has a link to LDAP_B.

The following use case for authenticating a user is working for me:
Initialize a DirContext to the local LDAP_A, pass authentication credentials of LDAP_A admin
for creating this context.
Context created.
Fire a JNDI search on just LDAP_A (not being aware of LDAP_B).
Result -> I get back a list of all users in LDAP_A and LDAP_B,
with common users occurring twice.
I can search this user list to authenticate any user.

However, can the following use case be realized using referral chasing or some other mechanism?
Initialize a DirContext to the local LDAP_A, pass authentication credentials of LDAP_B admin
for creating this context.

Result -> Since LDAP_A has a referral link to LDAP_B, admin authentication credentials
of either server can be used to create a context.

Is this achievable? I want to avoid scrolling through a list of users. I would want to authenticate
a user by creating a context using its credentials, and still be able to leverage referrals.


Nitin Mittal
Technology Integration
Deloitte Consulting Offshore Technology Group
Tel: +91 22 6644-5745 (Direct)
Tel: +91 9323624353 (Mobile)
Tel: +91 22 6644-5000 (Main) 
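
An added example, not part of the original message and not ApacheDS code: one way to authenticate by binding with the user's own credentials instead of scanning a search result, trying each server in turn (the "some other mechanism" route) and leaving referral following switched on for later searches. The class name, host names, ports, DN and password are constructed placeholders.

```java
import java.util.Hashtable;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class BindAuthenticator {

    /** Returns a context bound as userDn on the first server that accepts the bind, else null. */
    public static DirContext authenticate(List<String> serverUrls, String userDn, String password) {
        // A simple bind with a DN and an empty password is an unauthenticated bind
        // (RFC 4513, section 5.1.2); a server may accept it without checking anything.
        if (userDn == null || userDn.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        for (String url : serverUrls) {
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, userDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
            env.put(Context.REFERRAL, "follow"); // searches on this context chase referrals
            env.put("com.sun.jndi.ldap.connect.timeout", "3000"); // milliseconds
            try {
                return new InitialDirContext(env); // the bind is performed here
            } catch (AuthenticationException e) {
                // DN or password rejected by this server: fall through to the next one
            } catch (NamingException e) {
                // server unreachable or other directory error: fall through as well
            }
        }
        return null;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed values. ldaps:// is used because a simple bind sends the password as-is.
        List<String> servers = List.of("ldaps://ldap-a.example.com:10636",
                                       "ldaps://ldap-b.example.com:10636");
        DirContext ctx = authenticate(servers, "uid=jdoe,ou=users,ou=system", "constructed-password");
        System.out.println(ctx == null ? "authentication failed" : "authenticated");
        if (ctx != null) {
            ctx.close();
        }
    }
}
```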

