
I've been looking for a solution to forward an OU request to a remote LDAP OU.

  • dc=domain
    • ou=accounts
      • ou=local-accounts
        • cn=local-user
      • ou=remote-accounts
        • ALL OBJECTS FROM PRE DEFINED REMOTE LDAP

The main problem is that I have to forward the whole user authentication to a different server.

  • We sync all Users from AD1 to "ou=local-accounts,ou=accounts,dc=domain" and authenticate them with SASL against the AD1.

  • We want to forward all authentication processes in "ou=remote-accounts,ou=accounts,dc=domain" to AD2 without SASL.

I hope you guys can help me with this problem.

Kind regards, Marvyn :)

SkunKz
  • 66
  • 7

1 Answer


I solved this issue by using a meta backend and the rwm overlay. Here's the slapd.conf, which explains it all.

# Global rwm overlay (declared before any database, so it applies to the frontend):
# rewrites request DNs under the local "remote-accounts" OU to the virtual
# naming context served by the meta database below, and rewrites result DNs back.
overlay            rwm
rwm-suffixmassage "ou=remote-accounts,ou=accounts,dc=domain" "ou=accounts,dc=meta"

# Local database: holds the users synced from AD1 (ou=local-accounts).
database        bdb
directory       /var/lib/ldap
suffix          "dc=domain"
rootdn          "cn=root,dc=domain"
rootpw          root
index           objectclass eq
index           uid eq,sub
lastmod         off
readonly        off


# Proxy database: everything under ou=accounts,dc=meta is forwarded to AD2.
database        meta
# The suffix must contain the target naming context given in "uri" below;
# the original post had "dc=local" here, which back-meta rejects because
# "ou=accounts,dc=meta" is not within it.
suffix          "dc=meta"
readonly        off
lastmod         off

# Target: the remote server, and the local naming context it serves.
uri            "ldap://remote.ldap/ou=accounts,dc=meta"
# Second rewrite stage: virtual naming context -> real naming context on AD2.
suffixmassage   "ou=accounts,dc=meta" "ou=accounts,dc=remote-domain"
# Simple bind (no SASL) used for the proxy's own connections to AD2.
# The credentials sit in clear text in this file and travel in clear over
# plain ldap://; restrict file permissions accordingly.
idassert-bind   bindmethod=simple
   binddn="DN-TO-ADMIN-USER-AT-REMOTE-DOMAIN"
   credentials="PASSWORD"
   mode=none
   flags=non-prescriptive
# Only this identity may have its identity asserted towards the remote target.
idassert-authzFrom "dn.exact:cn=root,dc=meta"
SkunKz
  • 66
  • 7
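To make the two rewrite stages in the answer's slapd.conf easier to follow, here is an added Python simulation of the DN suffix massaging that the global rwm overlay and the back-meta suffixmassage directive perform on a request DN (and in reverse on result DNs). This is example code, not OpenLDAP's implementation; the naming contexts are the ones from the configuration above, the user DNs (cn=jdoe, cn=local-user) are constructed, and the DN parser is a deliberately simple one that only handles escaped commas.

```python
# Added example: simulate rwm-suffixmassage followed by back-meta suffixmassage,
# as configured in the answer above. Not OpenLDAP code; DNs below are constructed.

# Stage 1: global rwm overlay (rwm-suffixmassage virtual -> real)
RWM_VIRTUAL = "ou=remote-accounts,ou=accounts,dc=domain"
RWM_REAL = "ou=accounts,dc=meta"
# Stage 2: back-meta suffixmassage (virtual -> real on the remote server)
META_VIRTUAL = "ou=accounts,dc=meta"
META_REAL = "ou=accounts,dc=remote-domain"
META_SUFFIX = "dc=meta"          # corrected value; the post originally had dc=local


def split_rdns(dn):
    """Split a DN into its RDN strings, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts


def ends_with_suffix(dn, suffix):
    """True if `dn` equals `suffix` or lies below it (case-insensitive match)."""
    d = [r.lower() for r in split_rdns(dn)]
    s = [r.lower() for r in split_rdns(suffix)]
    return len(d) >= len(s) and d[-len(s):] == s


def suffix_massage(dn, virtual, real):
    """Replace a trailing `virtual` naming context with `real`.

    DNs that are not under `virtual` are passed through unchanged, which is
    why cn=local-user stays in the bdb database and never reaches the proxy.
    """
    if not ends_with_suffix(dn, virtual):
        return dn
    d = split_rdns(dn)
    head = d[: len(d) - len(split_rdns(virtual))]
    return ",".join(head + split_rdns(real))


def rewrite_request(dn):
    """Return the DN as seen at each hop: client -> after rwm -> sent to AD2."""
    after_rwm = suffix_massage(dn, RWM_VIRTUAL, RWM_REAL)
    sent_to_remote = suffix_massage(after_rwm, META_VIRTUAL, META_REAL)
    return {"client": dn, "after_rwm": after_rwm, "remote": sent_to_remote}


def rewrite_result(remote_dn):
    """Reverse mapping applied to DNs in entries returned by AD2."""
    back_in_meta = suffix_massage(remote_dn, META_REAL, META_VIRTUAL)
    return suffix_massage(back_in_meta, RWM_REAL, RWM_VIRTUAL)


def target_within_suffix(target_naming_context, database_suffix):
    """Check that the naming context in a back-meta `uri` lies within the
    database suffix; with suffix dc=local this fails, which is the
    misconfiguration corrected in the config above."""
    return ends_with_suffix(target_naming_context, database_suffix)


if __name__ == "__main__":
    # A simple bind for a user in the remote OU is forwarded to AD2 under its real DN.
    print(rewrite_request("cn=jdoe,ou=remote-accounts,ou=accounts,dc=domain"))
    # A local user's DN is never rewritten and is served from the bdb database.
    print(rewrite_request("cn=local-user,ou=local-accounts,ou=accounts,dc=domain"))
    # Entries coming back from AD2 are mapped back into the local tree.
    print(rewrite_result("cn=jdoe,ou=accounts,dc=remote-domain"))
    print(target_within_suffix("ou=accounts,dc=meta", "dc=local"),
          target_within_suffix("ou=accounts,dc=meta", META_SUFFIX))
```

Running the block shows a bind or search for `cn=jdoe,ou=remote-accounts,ou=accounts,dc=domain` leaving the proxy as `cn=jdoe,ou=accounts,dc=remote-domain`, while `cn=local-user` is untouched at both stages; the last line prints `False True`, illustrating why the meta database suffix has to be `dc=meta` for the `uri` naming context to be accepted.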