You have your shiny new application, and an LDAP server on the other side. Easy as pie. What can go wrong?
- you use e-mail as the login, and the application assumes that logins don't have a domain in them and lets you embed the whole login into the DN
- the application can import various interesting fields using LDAP, but you have that data somewhere else, and it doesn't really belong in your LDAP
- you need to provide a subset of the data in your database as an LDAP server to the application
I have written about my saga with LDAP, about augmenting LDAP search responses and exposing RDBMS data as an LDAP server. But today I added a rewrite of bind, so now I can use unmodified Koha, and all the quirks needed for my AAI@EduHr schema are outside the application.
This made my attempt to virtualize LDAP almost complete, so I created a project page on Ohloh. I will write small updates about its status there, so if any of this is interesting to you, hop over there.
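A sketch of the bind rewrite described above, as an added example that is not the code from this project: it takes the DN an application built by pasting an e-mail login into its template and maps it to the entry's real DN, re-escaping the login so it cannot add RDNs of its own. The directory layout (`uid=<local part>` under `dc=` components taken from the domain), the function names and the sample DNs are all assumptions made for illustration.

```python
import re

_SPECIAL = set('"+,;<>\\')   # RFC 4514: must be escaped inside an attribute value
_DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def first_rdn(dn):
    """Split 'attr=value' off the front of a DN, undoing RFC 4514 escapes."""
    attr, sep, rest = dn.partition("=")
    if not sep:
        raise ValueError("bind DN has no RDN")
    value, i = [], 0
    while i < len(rest) and rest[i] != ",":
        ch = rest[i]
        if ch == "\\":
            if i + 1 >= len(rest):
                raise ValueError("dangling escape")
            pair = rest[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):   # \2C style escape
                value.append(chr(int(pair, 16)))
                i += 3
            else:                                        # \, style escape
                value.append(rest[i + 1])
                i += 2
            continue
        if ch in '+";<>':
            raise ValueError("unsupported character in RDN")
        value.append(ch)
        i += 1
    return attr.strip().lower(), "".join(value)

def escape_value(value):
    """Escape a string for use as an RDN value (leading/trailing space is rejected earlier)."""
    out = "".join("\\" + c if c in _SPECIAL else c for c in value)
    return "\\" + out if out.startswith("#") else out

def rewrite_bind_dn(dn, attr="uid"):
    """Map the DN built from an e-mail login to the (assumed) real entry DN."""
    name, login = first_rdn(dn)
    uid, at, domain = login.rpartition("@")
    domain = domain.lower()
    if name != attr or not at or not uid or uid != uid.strip() or "\x00" in uid:
        raise ValueError("not an e-mail style login")   # fail closed: refuse the bind
    if not _DOMAIN.fullmatch(domain):
        raise ValueError("domain is not a plain DNS name")
    base = ",".join("dc=" + label for label in domain.split("."))
    return f"{attr}={escape_value(uid)},{base}"

if __name__ == "__main__":
    # Constructed sample: what an unmodified application might send.
    print(rewrite_bind_dn("uid=alice@example.hr,ou=people,dc=app,dc=local"))
```

A proxy would call `rewrite_bind_dn` on each incoming bind request and refuse the bind on `ValueError` rather than forwarding the original DN.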