On Fri, 2006-06-23 at 11:26 +0200, Sebastien Bonnegent wrote:
> Hello,
>
> We have 2 different LDAP servers (no replica) with different users in it. We want to configure
> Cyrus-sasl to ask both.
>
> A detailed version will be :
>
> Is USER in LDAP1 ?
>   -> Yes, SUCCESS
>   -> No, Is USER in LDAP2 ?
>     -> Yes, SUCCESS
>     -> No, USER refused
>
> Do you think that it is possible ? Have you an idea to do this ?

Not sure with cyrus-sasl (I suspect no); I'd suggest using some sort of (smart) proxying that allows your LDAP client (the cyrus-sasl in your case) to see the two DSAs as a single DSA that acts as an entry point for the two branches.

The following of this answer is off-topic here, as it addresses how to glue together different databases to present them in a single view. As such, it's specific to the software you use to provide the view of your two DSAs. In this case, I'd suggest you move further discussion to LDAP software-specific mailing lists and post here a pointer to that discussion in case you find a good solution to your issue, for future reference.

If you're using OpenLDAP, you could use the slapo-glue(5) overlay to glue together separate databases (either can be a proxy to the real DSA), or slapd-meta(5) to obtain a similar behavior (recommended if the two DSAs don't share any portion of their naming context and they reside in separate servers). In both cases, a search for USER on PROXY would be spawned to the most appropriate DSA based on the search base. If that spans both DSAs, the search will occur simultaneously on both systems. In this latter case, it's up to you to ensure the uniqueness of USER across both systems. You may discuss details on <openldap-software@xxxxxxxxxxxx>, but first have a look at the archives, the FAQ and the man pages you've been pointed to.

I'm not aware of details about smart proxying and gluing in other DSA implementations; I know FDS (and Sun ONE and other clones of NDS) do implement some proxy functionality, but I don't know whether they allow any means of merging different trees/naming contexts or not.

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@xxxxxxxxxx
------------------------------------------
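
The uniqueness of USER across both systems, which the reply leaves to the administrator, can be checked offline before both DSAs are placed behind one proxy. The following is an added example, not part of the original message: it compares LDIF exports from the two servers and reports uid values present in both. The function names and the sample entries are constructed for illustration.

```python
import base64
from collections import defaultdict

def uids_from_ldif(text):
    """Return {lowercased uid: [entry DNs]} parsed from an LDIF export."""
    lines = []
    for raw in text.splitlines():
        # LDIF folds long lines: a leading single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    found, dn = defaultdict(list), None
    for line in lines:
        if not line.strip():
            dn = None                      # blank line ends the current entry
            continue
        attr, sep, value = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if value.startswith(":"):          # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        attr = attr.split(";")[0].lower()  # drop attribute options
        if attr == "dn":
            dn = value
        elif attr == "uid" and dn is not None:
            # uid matches case-insensitively, so "Bob" and "bob" collide.
            found[value.lower()].append(dn)
    return found

def uid_collisions(ldif_a, ldif_b):
    """Return {uid: (DNs on server A, DNs on server B)} for uids present on both."""
    a, b = uids_from_ldif(ldif_a), uids_from_ldif(ldif_b)
    return {uid: (a[uid], b[uid]) for uid in sorted(a.keys() & b.keys())}

# Constructed sample exports (hypothetical naming contexts).
LDAP1_LDIF = """dn: uid=alice,ou=people,dc=site1,dc=example
uid: alice

dn: uid=bob,ou=people,dc=site1,dc=example
uid: bob
"""
LDAP2_LDIF = """dn: uid=Bob,ou=staff,dc=site2,dc=example
uid:: Qm9i

dn: uid=carol,ou=staff,dc=site2,
 dc=example
uid: carol
"""

if __name__ == "__main__":
    for uid, (dns_a, dns_b) in uid_collisions(LDAP1_LDIF, LDAP2_LDIF).items():
        print(f"uid '{uid}' exists on both servers: {dns_a} / {dns_b}")
```

Any uid it reports would match entries on both DSAs when a search base spans the two, so the authenticating client could not tell which entry's credentials apply.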