Just curious; are we the only ones on the planet (or at least, this mailing list) using a single instance of SLAPD to serve multiple disparate suffixes?
To clarify, we serve (as separate physical directories in the Unix file system etc) suffixes such as (redacted): dc=a,dc=b,dc=c, dc=x,dc=y,dc=z etc. To make matters worse, for political i.e. managerial reasons, some suffixes must be completely unaware of the existance of others.
Or is this more common than I thought?
Dave Horsfall wrote:
Just curious; are we the only ones on the planet (or at least, this mailing list) using a single instance of SLAPD to serve multiple disparate suffixes?
I can't say how common it is and I may not be the most meaningful example, but I've maintained servers like this. It's a consequence of delivering applications for multiple clients but not wanting to have a separate development server for each one. The scenario seems to be accommodated; for example the -n option for slapadd/slapcat.
Jon Roberts www.mentata.com
"It's a small world, but I wouldn't want to paint it." -- Steven Wright
It's not rare, but it's not entirely common. I think most people try to manage a single DIT, although that's not always possible (e.g., because of a merger and a slow migration process). Also, if you are an ISP or LDAP service provide then obviously you will be managing multiple trees for various clients. :)
-- Puryear IT, LLC Identity Management, Directory Services, Systems Integration Baton Rouge, LA * 225-706-8414 * http://www.puryear-it.com
"Best Practices for Managing Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices
Dave Horsfall wrote:
Just curious; are we the only ones on the planet (or at least, this mailing list) using a single instance of SLAPD to serve multiple disparate suffixes?
To clarify, we serve (as separate physical directories in the Unix file system etc) suffixes such as (redacted): dc=a,dc=b,dc=c, dc=x,dc=y,dc=z etc. To make matters worse, for political i.e. managerial reasons, some suffixes must be completely unaware of the existance of others.
Or is this more common than I thought?
We serve University entities, registered in the DNS, under dc=$SOMETHING,dc=rutgers,dc=edu; these entities tend to be things like servers. We serve University entities, not registered in the DNS (these tend to be things like organizations) under "o=Rutgers $SOMETHING,c=US". I'm not a huge fan of serving an empty suffix nor c=US, so these are all separate "suffix" directives in slapd.conf and different physical directories in the filesystem. We also make use of glue in a way that means that not everything should be under the dc=rutgers,dc=edu area.
Of course there's no strict need to do this. I could just register one DNS label and enforce ou=$SOMETHING,dc=aaronsdomain,dc=rutgers,dc=edu for everybody (DNS registered or not). I'd say a large factor is cosmetic and, of most importance to me, ease of typing (i.e. shorter). A single organizationalUnit-minded tree would create fairly lengthy DNs at an organization of our size (unless I made meaningless "ou=a" and "ou=b" to save characters). Bottom line: Yeah, we do this.
On Fri, 13 Jul 2007, Dave Horsfall wrote:
Just curious; are we the only ones on the planet (or at least, this mailing list) using a single instance of SLAPD to serve multiple disparate suffixes?
To clarify, we serve (as separate physical directories in the Unix file system etc) suffixes such as (redacted): dc=a,dc=b,dc=c, dc=x,dc=y,dc=z etc. To make matters worse, for political i.e. managerial reasons, some suffixes must be completely unaware of the existance of others.
Or is this more common than I thought?
-- Dave Horsfall DTM VK2KFU Ph: +61 2 9552-5509 (direct) +61 2 9552-5500 (switch) Corinthian Eng'ng P/L, Ste 54 Jones Bay Whf, 26-32 Pirrama Rd, Pyrmont 2009, AU
openldap-software@openldap.org
-
Aaron Richton -
Dave Horsfall -
Dustin Puryear -
Jon Roberts