title: openldap proxy and beyond link: https://onemoretech.wordpress.com/2007/08/29/openldap-proxy-and-beyond/ author: lembobro description: post_id: 652 created: 2007/08/29 04:11:00 created_gmt: 2007/08/29 04:11:00 comment_status: open post_name: openldap-proxy-and-beyond status: publish post_type: post

openldap proxy and beyond

Finally made the time to compile a fresh build of the latest stable openldap (v2.3.32) with the “ldap” backend enabled and configured as a simple pass-through proxy. This was just the beginning of course, because I then did a “make clean” in my build directory and enabled both the “ldap” and “meta” backends, using a different prefix parameter to put the finished product in a different directory (in my case proxy went into /opt/openldap/proxy and meta to /opt/openldap/meta).

What I’m hoping to do with meta is create a “virtual directory” from a couple of different vendor directories. My first try will be with a Fedora Directory and an Active Directory. The idea will be to create a view of selected entries from each of these directories under a single “virtual” DIT (Directory Information Tree) that resides on the metadirectory. This will require some fancy dn mapping, as well as some attribute and attribute value transforms, all of which meta is supposed to be able to do.

I’ve had mixed success with other LDAP proxy products, and spent a hellish first quarter in 2001 struggling with getting iPlanet Meta-Directory to do anything better than a collection of scripts I wrote myself (I finally got my company to dump Meta-Directory, after receiving lackluster support from iPlanet, and then Sun). Later that year I was at a marketing event where Hal Stern from Sun spoke. When he got to the subject of Meta-Directory, he looked over at me and said, “… or, you could just write your own scripts…”. Vindication.

This should prove to be instructive, and may even be useful for at least one project at work.

I’ll provide details of my configurations as testing proceeds.

Copyright 2004-2019 Phil Lembo