OpenLDAP as a Proxy
 

Hello,

Not sure this is the right place or even possible... Our AD structure is rather messy and managed by another group. We would like to do some mapping of users to groups (ACS Radius Server) but cannot map on attributes. Can openLDAP act as a proxy and based on a specific attribute assigned to a user put that user in a role and then let us run ldap queries against it?

Thanks,

koncept

I'm not aware of a proxy-functionality, you'd have to code something
yourself I'm afraid; or, by using some sort of delayed replication
(unfortunately only polling of sorts possible to the best of my
knowledge) - maybe using Net::LDAP? - and modifying the stuff you
then want to store in OpenLDAP and write that to there from the
same program ....


Cheers,
Tink

Thanks for getting back to me. I didn't expect it to work since this doesn't seem like a common or smart thing to be doing...

I don't know about that :}

There's commercial products that will let you do things
like this, e.g. Oracle Virtual Directory (that's one I've
come across). But not knowing what kind of money you got
to splash out, or what kind of coding expertise there is
in your environment it's hard to give practical advise.


Cheers,
Tink

And revisiting this one ... goes to show that I don't always read all the docu
that comes with a product ;}


Have a read of 'man 5 slapd-ldap' and 'man 5 slapd-meta'