How can I proxy multiple LDAP servers, and still have grouping of users on the proxy?

Posted by Chris on Server Fault
Published on 2010-01-27T16:38:42Z Indexed on 2010/03/28 5:03 UTC

I have 2 problems that I'm hoping to find a common solution to.

First, I need to find a way to have multiple LDAP servers (Windows ADs across multiple domains) feed into a single source for authentication. This is also needed to get applications that can't natively talk to more than one LDAP server to work. I've read this can be done with OpenLDAP. Are there other solutions?

Second, I need to be able to add those users to groups without being able to make any changes to the LDAP servers I'm proxying.

Lastly, this all needs to work on Windows Server 2003/2008.

I work for a very large organization, and to create multiple groups and have large numbers of users added to, moved between, and removed from them is no small task. This normally requires tons of paperwork and a lot of time. Time is the one thing we don't normally have; dodging the paperwork is just a plus.

I have very limited experience in all this, so I'm not even sure what I'm asking will make sense. Atlassian Crowd comes close to what we need, but falls short of having its own LDAP front end. Can anyone provide any advice or product names?

Thanks for any help you can provide.

© Server Fault or respective owner
