Hello all,
I've been working with OpenLDAP in a metadirectory configuration -- I'm using it to provide a merged view of two organization LDAP servers, along with a local database to support "external collaborators" (that is, people not otherwise affiliated with our organization). In my limited testing it seems to be working reasonably well, but I'm not sure I completely understand all the components. For example, I'm unsure of the difference between this:
database meta
uri ldap://serverA.example.com/ou=A,o=organization
uri ldap://serverB.example.com/ou=B,o=organization
# ...necessary suffix massaging...

database hdb
suffix o=organization
And this:
database ldap
subordinate
suffix ou=A,o=organization
uri ldap://serverA.example.com
# ...rewriting...

database ldap
subordinate
suffix ou=B,o=organization
uri ldap://serverB.example.com
# ...rewriting...

database hdb
suffix o=organization
Both seem to provide the same behavior; a search against o=organization will search all three directories. Is either configuration preferable? Is one backend considered more stable than the other? Is there some subtle difference in behavior that I'm missing? I'd appreciate your input.
Thanks,
-- Lars