
I'm currently in the process of creating a central service system from which users can connect to VMs. My goal with this is to have a single point of authentication for all possible users.

The issue that I'm facing is:

I need to split the users into 2 different LDAP servers (internal and external users). Now, the LDAP configuration itself is not difficult and it does not have that many users (maybe 20 on each server). This is not a redundant system; there are 2 independent LDAP servers, each hosting a different category of users. The UIDs and GIDs will be unique, and even the user names will be different (internal users from external users).

Is there a way to check the user accounts on both LDAP servers before the connection is made? A main requirement is that users will have a unique UID and GID and they will be using SSH keys.

Ideal case would be:

  1. The user logs in on the Central Service
  2. The user is checked on the Internal LDAP
  3. If he is not part of this, the user is checked against the External LDAP (the second server)
  4. If he is not part of this server either, the system kicks the user out.

I have seen a post related to my question here:

How can I proxy multiple LDAP servers, and still have grouping of users on the proxy?

However, I'm not fully sure if this applies to my situation or if there are other ways to make this happen.

I have also found in my research that nslcd could be a solution.

Kindly awaiting your assistance.

Thank you in advance.

Adrian

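The ordered check the question describes (internal LDAP first, external LDAP only on a miss, reject if neither has the account) is what SSSD does natively when more than one domain is listed, and it can serve the users' SSH public keys to sshd at the same time. The following sssd.conf is an added illustration of that setup, not code from the question or from any answer; the hostnames, base DNs, CA bundle path and the sshPublicKey attribute name are assumptions and need to match the two real directories.

```ini
# /etc/sssd/sssd.conf  (must be mode 0600 and owned by root, or sssd refuses to start)
# Added illustration, not part of the question above.
# Server names, base DNs, CA path and the key attribute are placeholders.
[sssd]
config_file_version = 2
services = nss, pam, ssh
# Lookup order for an unqualified login name: "internal" is queried first,
# "external" only if the user is not found there; a miss in both is a denial.
# Because the question guarantees distinct user names, UIDs and GIDs across
# the two servers, no name collision can be hidden by this first-match rule.
domains = internal, external

[domain/internal]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap-internal.example.com
ldap_search_base = ou=people,dc=internal,dc=example,dc=com
ldap_group_search_base = ou=groups,dc=internal,dc=example,dc=com
# Verify the server certificate; a plain ldap:// URI would expose account data in transit
ldap_tls_cacert = /etc/ssl/certs/ca-bundle.crt
ldap_tls_reqcert = demand
# Attribute holding the user's public key(s), handed to sshd via sss_ssh_authorizedkeys
ldap_user_ssh_public_key = sshPublicKey
# Keys are the credential here, so there is no password to cache and the directory stays authoritative
cache_credentials = false
enumerate = false

[domain/external]
id_provider = ldap
auth_provider = ldap
ldap_uri = ldaps://ldap-external.example.com
ldap_search_base = ou=people,dc=external,dc=example,dc=com
ldap_group_search_base = ou=groups,dc=external,dc=example,dc=com
ldap_tls_cacert = /etc/ssl/certs/ca-bundle.crt
ldap_tls_reqcert = demand
ldap_user_ssh_public_key = sshPublicKey
cache_credentials = false
enumerate = false
```

To wire it in, `passwd`, `group` and `shadow` in /etc/nsswitch.conf need `sss` appended, the PAM stack needs `pam_sss` (most distributions do this through `pam-auth-update` or `authselect`), and sshd_config gets `AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys` plus `AuthorizedKeysCommandUser nobody` (the binary's path varies by distribution) together with `PasswordAuthentication no` so keys are the only credential. Before touching sshd, `id someuser` and `sss_ssh_authorizedkeys someuser` for one account from each server, and for a name that exists on neither, show whether the fallback order and the final rejection behave as the four-step list requires. If only a subset of each directory should be allowed onto the central host, add an `access_provider` (for example `simple` with `simple_allow_groups`) per domain rather than relying on the presence of an account alone.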