Overloading LDAP

3

In my college there's an LDAP server managed by the staff. We can use this LDAP server from our machines, but cannot modify attributes (e.g. user login shell).

We'd like to modify these attributes, so we were thinking of setting up an LDAP server working as a proxy for the other one: we would set any attribute we need on our LDAP server, and then use the one offered by the staff for authentication.

Is there any way to do this?

peoro

Posted 2012-01-29T15:12:30.923

Reputation: 943

Answers

1

The correct answer is replication. Arrange for the administrators of the LDAP server to have its contents replicated to your local LDAP server. They might refuse, since the database could diverge if the replication is not multi-master or bi-directional. Failing this, configure your own LDAP server, populate it with data as required, and configure your LDAP clients to use the new server.

Terry Gardner

Posted 2012-01-29T15:12:30.923

Reputation: 827

0

This is what OpenLDAP's overlay slapo-translucent was designed for. Basically you're maintaining a local database in your LDAP proxy backend augmenting content retrieved from your company's LDAP server.

See also: OpenLDAP Admin Guide -- Translucent Proxy

For simple cases like homeDirectory I'd suggest looking at what NSS/PAM clients like sssd and nss-pam-ldapd provide for special attribute mappings. This might already be sufficient.

Michael Ströder

Posted 2012-01-29T15:12:30.923

Reputation: 185
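As an added example (not part of the answer above or of the OpenLDAP documentation), a minimal slapd.conf for the setup Michael describes: a local mdb database that holds only the overridden attributes, slapo-translucent stacked on it, and the staff server as the remote side. The suffix dc=example,dc=edu, the host staff-ldap.example.edu and all file paths are assumed placeholders.

```conf
# slapd.conf for a translucent proxy in front of the staff LDAP server.
# Assumed placeholders: the suffix dc=example,dc=edu, the host
# staff-ldap.example.edu and all file paths.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema   # posixAccount: loginShell, homeDirectory
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

# Local database: stores only the attributes we override.
database        mdb
suffix          "dc=example,dc=edu"
rootdn          "cn=admin,dc=example,dc=edu"
rootpw          {SSHA}REPLACE-WITH-OUTPUT-OF-slappasswd
directory       /var/lib/ldap/translucent
index           objectClass eq

# Clients may read the merged view; slapo-translucent itself restricts
# add/modify of local overrides to the rootdn of this database.
access to *
        by * read

# Directives after this line configure the overlay and its remote side.
overlay         translucent
# Search filters referencing these attributes are evaluated against the
# local data; overriding of stored values happens for any local attribute.
translucent_local   loginShell,homeDirectory
# translucent_bind_local is deliberately NOT set: bind requests are
# forwarded to the staff server, so authentication stays with them.
# Remote side (slapd-ldap directives); ldaps so that forwarded bind
# credentials are not sent in the clear.
uri             ldaps://staff-ldap.example.edu/
lastmod         off
```

Overrides are then written as the rootdn, for example an ldapmodify that sets loginShell on a user's DN; the overlay stores that attribute locally and merges it into entries fetched from the staff server, while binds are still answered by the staff server.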