Old 08-11-2010, 06:17 PM   #1
keirvt
Member
 
Registered: Sep 2006
Location: Sydney Australia
Distribution: fedora/Ubuntu
Posts: 156

Rep: Reputation: 18
LDAP pass through


I work at a uni. We have many workstations that need to authenticate using LDAP and I have set up an LDAP server which all works. My problem is that for users that are not found on this LDAP server I need our server to request from another server for which I have no admin privs and authentication is user only. That is, if a user supplies their password they have access to their information. I wish server 1 to pass on the authentication uid and password to the second server (non admin privs on server 2) and authenticate there.

I've Googled lots for this but no-one has made it very clear although it seems like it should be possible.

Does anyone have some straightforward instructions on how to do this? Can server1 be configured to do this using phpldapadmin? (I can live without that but it would be nice)
 
Old 08-12-2010, 08:09 PM   #2
keirvt
Member
 
Registered: Sep 2006
Location: Sydney Australia
Distribution: fedora/Ubuntu
Posts: 156

Original Poster
Rep: Reputation: 18
ldap passthrough

The clue lay in the slapd.conf manual page requiring three config lines in the database section. The manual pages and also a lot of ldap doco are terse and lacking in examples. Anyway, if anyone wishes to do the same, the trick is to add the following lines to /etc/openldap/slapd.conf:


database ldap
uri ldap://remoteMachine.ladpserver.edu.au
suffix "dc=ldapserver,dc=edu,dc=au"
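
A check an administrator could run over the configuration posted above, as an added example that is not part of the original post: it parses slapd.conf, finds each `database ldap` section, and reports the URIs over which relayed bind passwords can travel unencrypted. The second database in the sample, its example.org names, and the function names are constructed for illustration; the `tls` modes are the ones documented in slapd-ldap(5).

```python
import shlex

# Constructed sample: the three lines from the post above, plus a hypothetical
# second proxy database (example.org names are placeholders) using StartTLS.
SAMPLE_CONF = """\
database ldap
uri ldap://remoteMachine.ladpserver.edu.au
suffix "dc=ldapserver,dc=edu,dc=au"

database ldap
suffix "dc=example,dc=org"
uri "ldap://directory.example.org"
tls start
"""

def logical_lines(text):
    """Drop blank/comment lines and join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def cleartext_proxies(text):
    """Return (suffix, uri, tls_mode) for back-ldap URIs that can carry binds unencrypted."""
    dbs, cur = [], None
    for line in logical_lines(text):
        tok = shlex.split(line)
        key, args = tok[0].lower(), tok[1:]
        if key in ("database", "backend"):
            cur = None  # a new section ends the previous database
            if key == "database" and args and args[0].lower() == "ldap":
                cur = {"suffix": None, "uris": [], "tls": "none"}
                dbs.append(cur)
        elif cur is not None and args:
            if key == "suffix":
                cur["suffix"] = args[0]
            elif key == "uri":
                cur["uris"] += " ".join(args).split()  # one quoted value may list several URIs
            elif key == "tls":
                cur["tls"] = args[0].lower()
    # Only "tls start" enforces StartTLS on ldap://; try-* and propagate may fall back.
    return [(d["suffix"], u, d["tls"]) for d in dbs for u in d["uris"]
            if u.lower().startswith("ldap://") and d["tls"] != "start"]
```

Calling `cleartext_proxies(SAMPLE_CONF)` reports only the first database, the one from the post, because it has an `ldap://` URI and no `tls` directive.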
 
Old 08-12-2010, 09:19 PM   #3
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Quote:
My problem is that for users that are not found on this LDAP server I need our server to request from another server for which I have no admin privs and authentication is user only.
What are the differences between the users who authenticate against your server and those who authenticate against the other one?
 
Old 08-14-2010, 12:45 AM   #4
keirvt
Member
 
Registered: Sep 2006
Location: Sydney Australia
Distribution: fedora/Ubuntu
Posts: 156

Original Poster
Rep: Reputation: 18
ldap pass through

Yes, that's exactly what I wanted to do and the slapd config above provides for that.

At risk of being pedantic.........

There are two ldap servers X and Y
X is my ldap server and Y is another ldap server that has all the user information. Authentication on server B is user only, that is, if a user correctly provides their password, the fields relevant to them are returned. Naturally A must be permitted by server B to make queries to B and the firewalls need to be appropriately configured.

If a client workstation makes an ldap query to server A and A is unable to supply the answer, it then relays the request to ldap server B which then kindly provides the authentication to A and A then authenticates the client workstation request.
 
  

