Ping a Specific Port

Question

lofidevops

Asked: 2017-05-19 01:45:02 +0800 CST2017-05-19 01:45:02 +0800 CST 2017-05-19 01:45:02 +0800 CST

How can I combine OpenLDAP trees for user authentication?

772

Let's say I'm running two OpenLDAP servers which I can use independently for authentication: ldap.example.com (a production site) and ldap.example.io (a testing site).

Is it possible to configure ldap.example.io so that if a user is not found, instead of failing authentication, an attempt is made using ldap.example.com? This way an application using the OpenLDAP server for authentication only needs to be aware of a single LDAP resource.

I imagine there are complications to consider (e.g. duplicate usernames, where do new users get added, should the grafted tree be read-only) but for now I just want to find out if such a mechanism even exists.

1 Answers

Voted

Sven · Answer 1 · 2017-05-19T01:49:18+08:00

Best Answer

Sven

2017-05-19T01:49:18+08:002017-05-19T01:49:18+08:00

Yes, the process is called "referral" and is a pretty standard LDAP operation mode, see http://www.openldap.org/doc/admin24/referrals.html

An alternative would be chaining: http://www.openldap.org/doc/admin24/overlays.html#Chaining

2

How can I combine OpenLDAP trees for user authentication?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?