[TriLUG] OpenLDAP Question

David Brain dbrain at gmail.com
Thu Aug 4 09:26:21 EDT 2011 

Thanks,

I've looked at the overlays and can't really see one that does what I
need - perhaps the closest is the translucent proxy - but that's
really the inverse of what I need, allows 'union' where as really I
need 'subset'.

Penrose looks like it might (with some learning curve..) do what's
needed, but I was hoping to stick with OpenLDAP so I could work within
the existing infrastructure.

David.

On Wed, Aug 3, 2011 at 3:08 PM, Jonathan Woodbury <jonathan at mybox.org> wrote:
> I should qualify my response because I remember hearing noise about this
> from my local OpenLDAP guy.  But I did actually ask him just now if this is
> right and he thinks it is.
>
> Yes!  I think this should be possible.  See the ldap backend type in the
> slapd.conf to setup the proxy part of what you want.  And then see the docs
> on overlays: http://www.openldap.org/doc/admin24/overlays.html for making
> the changes you want this client to see.
>
> Jonathan
>
> On Wed, Aug 3, 2011 at 11:40 AM, David Brain <dbrain at gmail.com> wrote:
>
>> Hi,
>>
>> Slightly off topic - but thought this might be as good a place to ask
>> this as any..
>>
>> Is it possible to set up a proxy OpenLDAP server that serves a 'view'
>> of it's backend server's data based on an LDAP filter?  I'm trying to
>> get a reluctant network device to auth through LDAP, and all would be
>> well if it could just use a filter, however as it's a closed system
>> it's just not possible, so my first thought for a solution is to run a
>> proxy LDAP server that 'pre-filters' the data.
>>
>> Any thoughts or alternate solutions welcomed...
>>
>> David.
>> --
>> This message was sent to: Jonathan Woodbury <jonathan at mybox.org>
>> To unsubscribe, send a blank message to trilug-leave at trilug.org from that
>> address.
>> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
>> Unsubscribe or edit options on the web  :
>> http://www.trilug.org/mailman/options/trilug/jonathan%40mybox.org
>> TriLUG FAQ          :
>> http://www.trilug.org/wiki/Frequently_Asked_Questions
>>
> --
> This message was sent to: dbrain at gmail.com <dbrain at gmail.com>
> To unsubscribe, send a blank message to trilug-leave at trilug.org from that address.
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> Unsubscribe or edit options on the web  : http://www.trilug.org/mailman/options/trilug/dbrain%40gmail.com
> TriLUG FAQ          : http://www.trilug.org/wiki/Frequently_Asked_Questions
>

More information about the TriLUG mailing list