OpenLDAP proxy (Meta)

OpenLDAP proxy is a way to use the meta backend to slapd.
It performs basic LDAP proxying with respect to a set of remote LDAP servers, called "targets".
The information contained in these servers can be presented as belonging to a single Directory Information Tree (DIT).
This backend has been designed as an enhancement of the ldap backend.
The ldap backend is intended to proxy operations directed to a single server, the meta backend is mainly intended for proxying of multiple servers and possibly naming context masquerading.
These features, although useful in many scenarios, may result in excessive overhead for some applications, so its use should be carefully considered.

artica-ldap-meta.pngWith the "Proxy" feature, you can centralize
LDAP/Artica servers into a single point

 Enable the Proxy Mode on your Artica server

  • Click on System information on the top menu icons.
  • Select general settings tab.
  • Click on LDAP database parameters.

24-08-2012_17-02-09.png

  • Select LDAP Proxy tab.
  • Click on Proxy Parameters button

25-08-2012_23-32-10.png

  • Activate the Enable Proxy Mode checkbox.
  • Give the suffix of the virtual branch that will store all connections to others LDAP databases

25-08-2012_23-34-57.png

Create connexions to remote LDAP databases

  • On the table, click on "New connection" button

25-08-2012_23-37-26.png

  • Hostname:
    Give the address of the remote database.

  • Port:
    Give the LDAP port of the remote server (usually the 389)

  • LDAP suffix:
    The suffix of the remote LDAP database.

  • Is an Artica server:
    Ff the remote LDAP database is a remote Artica server, enable this feature in order to merge branchs.

  • Link to branch:
    This will put the branch set in the LDAP suffix in the branch defined here.
    By default, artica store users in each organization, for example, an organization named company1 will be stored in ou=company1,dc=organization,suffix.

  • LDAP user DN:
    Set the DN in order to allow to connect to the remote LDAP server.

In order to tune these settings, we suggest to use phpLdapAdmin in order to test and see if branchs are correcly merged.

Set Attributes mapping.

RWM column let you to open attributes mapping section and let you to define which remote attribute should matches with local Attributes.
We have added a specific button for Active Directory or OpenLDAP  mapping that automatically add correct attributes mapping rules.

25-08-2012_23-48-17.png