[LDAP-interop] referral to different parts of DSA

Craig White craigwhite at azapple.com
Fri Nov 11 09:38:48 EST 2005 

On Fri, 2005-11-11 at 09:27 +0100, Pierangelo Masarati wrote:
> On Thu, 2005-11-10 at 21:54 -0700, Craig White wrote: 
> > Thinking about openXchange and it's seemingly rigid orientation for
> > having user accounts uid=(.*),ou=Users,ou=OxObjects,dc=example,dc=org
> > where I am likely to already have my DSA set up with user accounts in
> > uid=(.*),ou=Users,ou=Accounts,dc=example,dc=org and that is already
> > working for samba and posix stuff.
> > 
> > I am using 2.2.x in all cases so far so the 2.3.x overlays
> 
> 2.2. supports overlays as well, although the magic word "overlay"
> doesn't instantly solve all problems; you also need to put some wit in
> them...  besides that, I don't see much reason for all this fear of 2.3;
> it's not that different from 2.2 to use, it's just much better, and it's
> considered stable.  But this is going off topic.
----
It's such a small office that I don't want to burden them with the extra
cost when 2.2.x works fine - it's not so much fear.
----

> one so-and-so-clean solution would be to put a back-ldap proxy in
> between; something like (run test003 first, then edit
> testrun/slapd.1.conf):
> 
> <slapd.1.conf>
> #######################################################################
> # database definitions
> #######################################################################
> 
> ### added virtual subordinate branch
> database        ldap
> suffix          "ou=OxObjects,o=University of Michigan,c=US"
> subordinate
> uri             ldap://:9011
> suffixmassage   "ou=OxObjects,o=University of Michigan,c=US"
> 		"ou=People,o=University of Michigan,c=US"
> ### end of virtual subordinate branch
> 
> database        bdb
> suffix          "o=University of Michigan,c=US"
> directory       ./testrun/db.1.a
> rootdn          "cn=Manager,o=University of Michigan,c=US"
> rootpw          secret
> index           objectClass     eq
> index           cn,sn,uid       pres,eq,sub
> </slapd.1.conf>
> 
> Note that all items will appear as duplicated under the two branches
> "ou=People" and "ou=OxObjects" but, like UNIX symlinks, changes in one
> branch will be immediately reflected in the other branch.
----
OK - this makes sense. It even is easy enough for me to understand.
Thank you so much.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
LDAP-interop mailing list
LDAP-interop at fini.net
http://lists.fini.net/mailman/listinfo/ldap-interop

More information about the LDAP-interop mailing list