Juergen Weber wrote:

> Hi,

Hi Juergen,

first sorry for the late answer, but we were all quite busy (Amsterdam Apache Conference ...)

> I have a Tomcat installation that authenticates with JNDI realm
> against an LDAP server containing the users. Now I need some
> additional technical users that cannot go into the LDAP server.
>
> Unfortunately Tomcat can only use one active security realm. Ideal
> were if Tomcat would fall back to the standard memory realm if a user
> were not found in JNDI realm.
>
> So another option were to put the additional users into Apache
> Directory server and have it delegate against the other LDAP server.
>
> If Directory server knows user
>     return authenticate user
> else
>     user := other LDAP server lookup
>     return authenticate user
> endif
>
> Can this right now be done with Apache Directory server?

Right now, the short answer is yes. You can define a specific authenticator to do that (if I'm not completely off rails). Sadly, I don't have enough time right now to give you some direction, but I will try to squeeze some time this week-end (no guarantee ...)

However, this is not something complex, and this is also a feature we _want_ to add to ADS asap.

Hope it helps (at least a little :) !

--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
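The lookup order from the quoted pseudocode, as an added example that is not part of the original message and does not use the Apache Directory Server or Tomcat API. `UserStore`, `Result`, `store` and the sample accounts are hypothetical names and constructed data; the in-memory maps stand in for the two directories.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

public class FallbackAuthDemo {
    enum Result { OK, BAD_CREDENTIALS, UNKNOWN_USER }

    /** Hypothetical abstraction over one user directory. */
    interface UserStore {
        Result authenticate(String user, String password);
    }

    /** Constructed in-memory stand-in for a directory (a real one would bind or compare hashes). */
    static UserStore store(Map<String, String> users) {
        return (user, password) -> {
            String expected = users.get(user);
            if (expected == null) {
                return Result.UNKNOWN_USER;
            }
            boolean match = MessageDigest.isEqual(
                    expected.getBytes(StandardCharsets.UTF_8),
                    password.getBytes(StandardCharsets.UTF_8));
            return match ? Result.OK : Result.BAD_CREDENTIALS;
        };
    }

    /** Local store first; delegate only when the local store does not know the user. */
    static Result authenticate(UserStore local, UserStore remote, String user, String password) {
        Result r = local.authenticate(user, password);
        // A wrong password for a locally known account is final: falling through
        // here would let a same-named remote account log in as the local one.
        return r == Result.UNKNOWN_USER ? remote.authenticate(user, password) : r;
    }

    public static void main(String[] args) {
        // Constructed sample accounts; "svc-backup" exists in both stores on purpose.
        UserStore local = store(Map.of("svc-backup", "local-pw"));
        UserStore remote = store(Map.of("jweber", "ldap-pw", "svc-backup", "remote-pw"));

        System.out.println(authenticate(local, remote, "svc-backup", "local-pw"));
        System.out.println(authenticate(local, remote, "jweber", "ldap-pw"));
        System.out.println(authenticate(local, remote, "svc-backup", "remote-pw"));
        System.out.println(authenticate(local, remote, "nobody", "x"));
    }
}
```

The third call is the name-collision case: the remote password for `svc-backup` is rejected because the local entry takes precedence and a failed local check never delegates.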