Aaron Richton wrote:
Maybe I'm understanding the requirements incorrectly, but what's wrong with http://www.openldap.org/lists/openldap-software/200802/msg00136.html?
That was, of course, my original suggestion in the ITS. It works for most situations because we patched nss_ldap to work with multiple service search descriptors. However, the automounter he's using talks to LDAP directly; it doesn't go through the name service switch, and it isn't smart enough to handle multiple SSDs. Thus the problem.
I agree with Dieter that I don't see how the referenced ITS applies.
For one project, I used:
    database hdb
    subordinate
    suffix "ou=Local Users,dc=rutgers,dc=edu"

    database ldap
    suffix "dc=rutgers,dc=edu"
in production for a couple years. It didn't work until 2.3.27 or so, when enhancements to back-ldap/meta made it possible. "Local Users" is politically guaranteed to be disjoint in this case. IIRC duplicates will indeed show up twice, with the local entry first.
I also recall the glue syntax changes of the 2.3.3-era. There were concerns over the amount of rope available there; make sure to keep those discussions in mind...