Posted to users@directory.apache.org by "Mittal, Nitin (US - Mumbai)" <ni...@deloitte.com> on 2007/10/16 17:15:53 UTC

Authentication against a group of directory servers

Hello,

I now have a better understanding of referral chasing.
Here is the description of the problem that I am facing currently.

I have a set up of two ApacheDS instances 'LDAP_A' & 'LDAP_B' running on different machines.
LDAP_A and LDAP_B both have their user stores. LDAP_A also has a link to LDAP_B.
---------------------------------------------------------------

The following use case for authenticating a user is working for me:
Initialize a DirContext to the local LDAP_A, pass authentication credentials of LDAP_A admin for creating this context.
Context created
Fire a JNDI search on just LDAP_A (not being aware of LDAP_B),
Result -> I get back a list of all users in LDAP_A and LDAP_B,
with common users occurring twice.
I can search this user list to authenticate any user.
---------------------------------------------------------------------------------------------

However, can the following use case be realized using referral chasing or some other mechanism?
Initialize a DirContext to the local LDAP_A, pass authentication credentials of LDAP_B admin for creating this context.

Result -> Since LDAP_A has a referral link to LDAP_B, admin authentication credentials of either server can be used to create a context.

Is this achievable? I want to avoid scrolling through a list of users. I would want to authenticate a user by creating a context using its credentials, and still be able to leverage referrals.



thanks,

Nitin Mittal
Technology Integration
Deloitte Consulting Offshore Technology Group
 
Tel: +91 22 6644-5745 (Direct)
Tel: +91 9323624353 (Mobile)
Tel: +91 22 6644-5000 (Main)
nimittal@deloitte.com 
www.deloitte.com 
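
Added illustration, not part of the original post: one way to get what the message asks for with JNDI is search-then-bind, where the search context on LDAP_A follows referrals and the user's own DN and password are then used for a bind on the server that returned the entry. The host names, port, base DN, `uid` attribute, service account parameters and the `TRUSTED` allowlist are assumptions, and the code relies on the JNDI LDAP provider returning a referred entry's name as an LDAP URL.

```java
import javax.naming.*;
import javax.naming.directory.*;
import java.net.URI;
import java.util.Hashtable;
import java.util.Set;

public class ReferralBindAuth {
    // Assumed placeholders: server URLs and the user search base.
    static final String LDAP_A = "ldap://ldap-a.example.com:10389";
    static final String BASE = "ou=users,dc=example,dc=com";
    static final Set<String> TRUSTED = Set.of(LDAP_A, "ldap://ldap-b.example.com:10389");

    static DirContext bind(String url, String dn, String pw, String referral) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        env.put(Context.REFERRAL, referral);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String uid, String pw, String svcDn, String svcPw) throws Exception {
        if (pw == null || pw.isEmpty()) return false; // empty password = unauthenticated bind
        // With "follow", JNDI reuses this environment, credentials included, on referred servers.
        DirContext search = bind(LDAP_A, svcDn, svcPw, "follow");
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // {0} is substituted with filter escaping, so uid cannot inject filter syntax.
            NamingEnumeration<SearchResult> hits = search.search(BASE, "(uid={0})", new Object[] {uid}, sc);
            while (hits.hasMore()) { // a user present on both servers appears twice
                SearchResult hit = hits.next();
                String url = LDAP_A, dn;
                if (hit.isRelative()) {
                    dn = hit.getNameInNamespace(); // entry lives on LDAP_A
                } else { // entry came through a referral: its name is an LDAP URL
                    URI u = new URI(hit.getName());
                    url = u.getScheme() + "://" + u.getAuthority();
                    dn = u.getPath().substring(1);
                }
                if (!TRUSTED.contains(url)) continue; // never send a password to an unlisted host
                try { bind(url, dn, pw, "ignore").close(); return true; }
                catch (AuthenticationException wrongPassword) { /* try the next entry */ }
            }
            return false;
        } finally {
            search.close();
        }
    }
}
```

The final bind uses `"ignore"` so the user's password is presented only to the one server that holds the entry; over plain `ldap://` a simple bind still travels in clear text, so `ldaps://` URLs are preferable in both constants.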
