Currently, we have a small group of users that are set up on a Microsoft SBS machine, hence available under Active Directory.
These users, as well as a bunch of others, also have entries on a second LDAP server (OpenLDAP). This second server is used for authentication and access control for a few different things such as our internal timesheet web-based system, footy tipping system, forums and subversion repository control.
Thus, for the group that are in the office, they have two separate accounts that they have to remember ID and password for. Some of these internal systems are not easy to configure to authenticate against multiple LDAP servers (mod_authnz_ldap).
For various reasons, we don't want the extra users and groups cluttering up the Active Directory on the SBS machine.
I would love to be able to somehow set up a virtual LDAP server that could work across the two existing LDAP servers and provide a unified view. It would pull the user info from AD, and either from the OpenLDAP server as well, or maintain the additional users and groups internally.
(Actually, internally would probably be better, as there would be groups that would exist only on the aggregated server, to which we would like to assign users from the AD server as members.)
The only thing I know of that is close to doing what I want would be the Penrose virtual directory server, but I wanted to see if there were other options out there before I investigated that much further.