I've been using LDAP for a couple of months now and I have my Debian system fully integrated with it so that Samba, PAM, Apache, etc. all talk to LDAP. My next challenge was to get slapd to use Active Directory (AD) (via LDAP) as a backend instead of a local database of users. I was able to get that working today, with one big issue that I was hoping to resolve and the manager says I have to resolve: How can I hide the baseDN and other required config changes from the local services?
What I mean is that the baseDN for AD is slightly different than what I was using locally. Unfortunately the way LDAP is set up in Linux means that about 10 files in /etc have to know the baseDN and rootDN password, etc.
The manager guy says, "If slapd used back_ldap to point to AD, and local services talk to slapd, why do local services need to know all this stuff about the AD layout?" Logically, it somewhat makes sense, even from a manager.
Could I use an overlay so that if/when the customer decides to connect to an AD, I only have to change slapd.conf?