Aaron Richton wrote:
Maybe I'm understanding the requirements incorrectly, but what's wrong with
http://www.openldap.org/lists/openldap-software/200802/msg00136.html?
That was of course my original suggestion in the ITS. It works for most
situations because we patched nss_ldap to work with multiple service search
descriptors. However the automounter he's using talks to LDAP directly, it
doesn't go thru the name service switch, and it isn't smart enough to handle
multiple SSDs. Thus the problem.
I agree with Dieter that I don't see how the referenced ITS
applies.
For one project, I used:

database hdb
subordinate
suffix "ou=Local Users,dc=rutgers,dc=edu"

database ldap
suffix "dc=rutgers,dc=edu"

in production for a couple years. It didn't work until 2.3.27 or so, when
enhancements to back-ldap/meta made it possible. "Local Users" is
politically guaranteed to be disjoint in this case. IIRC duplicates will
indeed show up twice, with the local entry first.
I also recall the glue syntax changes of the 2.3.3-era. There were
concerns over the amount of rope available there; make sure to keep those
discussions in mind...
--
-- Howard Chu
Chief Architect, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/