The meta backend is one thing I found too when I was looking for a solution, and I thought I should also try it. I have not yet had the time to try it, but everywhere I saw its usage, it is to map ou=suffix1 and ou=suffix2 to "a third suffix".
In my case I have my local db with a suffix of dc=base,dc=dn. The remote database also has a suffix of dc=base,dc=dn. And what I want is to have in the unified view a suffix of dc=base,dc=dn too. Something like ou=suffix1,dc=base,dc=dn and ou=suffix2,dc=base,dc=dn is not what I'm looking for.
Maybe you can confirm that it is doable.
Another point in my case is that I have entries that are on both the local and remote databases, with the same DNs. With a search operation, remote entries should be fetched, and what is on the local database should append to/override the remote entries before being displayed. Have you, by chance, been confronted with a case like this in your setup?
On 2016-01-08 21:47, jason cafarelli wrote:
I used suffix massage to combine customer LDAP with my local LDAP server; this allows us to have internal users. Documentation on doing this is very sparse.
Client side; sssd points at dc=local.
# BDB database definitions #######################################################################
#local database b
database bdb
idlcachesize 50000
suffix "dc=b,dc=com"
rootdn "cn=adm,dc=b,dc=com"
rootpw {SSHA}xx
cachesize 50000
dirtyread
dbnosync
checkpoint 128 15
idlcachesize 50000
index objectClass eq

#database meta - COMBINES the LDAP DATABASES
database meta
suffix "dc=local"
rootdn "cn=adm,dc=local"
rootpw {SSHA}xx

#internal LDAP
uri "ldap://127.0.0.1/ou=internal,dc=local"
lastmod off
suffixmassage "ou=internal,dc=local" "dc=b,dc=com"

#external - customer LDAP
#uncomment lines and only change vars inside [] to match env
#
#uri "ldap://[myldap]/ou=external,dc=local"
#lastmod off
#suffixmassage "ou=external,dc=local" "[dc=a,dc=a,dc=com]"
#
JASON K CAFARELLI
Desk: (508) 637-5705 (primary)
Mobile: (508) 215-9712
jason.cae@gmail.com
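
Added example, not part of either message and not OpenLDAP code: a small Python model of the suffixmassage mapping in the configuration above, showing which target a client DN under dc=local is routed to and how the DN is rewritten in each direction. The external target's host and real suffix are constructed placeholders, and DN parsing is simplified (no escaped commas).

```python
# Model of back-meta suffixmassage DN rewriting (illustration only).
# Tuples are (virtual suffix, real suffix, target URI). The internal entry
# mirrors the config above; the external one uses constructed placeholders.
TARGETS = [
    ("ou=internal,dc=local", "dc=b,dc=com", "ldap://127.0.0.1/"),
    ("ou=external,dc=local", "dc=customer,dc=example", "ldap://customer.example/"),
]


def split_dn(dn):
    """Split a DN into RDNs (simplified: assumes no escaped commas)."""
    return [rdn.strip() for rdn in dn.split(",") if rdn.strip()]


def swap_suffix(dn, old, new):
    """Replace suffix `old` with `new`; None if dn is not under `old`.

    Comparison is per RDN and case-insensitive, so "you=internal,dc=local"
    does not match "ou=internal,dc=local" the way a string endswith() would.
    """
    rdns, old_rdns = split_dn(dn), split_dn(old)
    keep = len(rdns) - len(old_rdns)
    if keep < 0:
        return None
    if [r.lower() for r in rdns[keep:]] != [r.lower() for r in old_rdns]:
        return None
    return ",".join(rdns[:keep] + split_dn(new))


def route_request(dn):
    """Return (target URI, real DN) for a client DN in the virtual tree."""
    for virtual, real, uri in TARGETS:
        rewritten = swap_suffix(dn, virtual, real)
        if rewritten is not None:
            return uri, rewritten
    return None  # no single target owns this DN (e.g. the bare dc=local base)


def rewrite_result(dn, uri):
    """Map a DN returned by the target at `uri` back into the virtual tree."""
    for virtual, real, target_uri in TARGETS:
        if target_uri == uri:
            return swap_suffix(dn, real, virtual)
    return None
```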