I have an LDAP server with a base "o=company, c=us". There is another
server which controls "ou=people,o=company,c=us", so in slapd.conf i
have the following:
database bdb
suffix "o=company,c=US"
rootdn "cn=Manager,o=company,c=US"
rootpw *******
directory /usr/var/openldap-data
# Indices to maintain
index objectClass eq
index ou,cn,uid eq,pres,sub
#meta test
database meta
suffix "ou=people,o=company,c=US"
uri "ldap://directory.company.com
/ou=People,o=company,c=US"
When
I try to start slapd, I get: /etc/openldap/slapd.conf: line 84:
<suffix> namingContext "o=company,c=US" already served by a
preceding bdb database serving namingContext "o=company,c=US". Am I
misusing meta? Can I not proxy binds/lookups to specific OUs to a
secondary LDAP? I understand what the message is saying, but don't
think I understand the proper use of meta.
For example, I have an ou=groups that contains "groupofnames" and the members of those groups are like "uid=123456,ou=people,o=company,c=us".
So I want ou = groups owned on my server, then the when specific
members try to bind, they are proxied to this external LDAP server that
serves ou=people,o=company,c=us and contains their uids and passwords.
Am I going about this the wrong way? Is there a way to accomplish what
im trying to do?
Thanks in advance...
--stephen