Hi,
danz@wustl.edu wrote:
Thanks for the feedback.
Is it correct to state that with your example there must be a common element in the suffix in order for this to work?

    database ldap
    suffix "ou=A,o=example"
    subordinate
    uri ldap://a.example.com:389

    database ldap
    suffix "ou=B,o=example"
    subordinate
    uri ldap://b.example.com:389

    database null
    suffix "o=example"
    overlay glue

Pierangelo provided the following example which would seem to indicate that there need not be any commonality in the suffix although this example does not make use of the "null" database entry:

    database ldap
    suffix "ou=Old"
    uri "ldap://old.server"

    database ldap
    suffix "dc=new"
    uri "ldap://new.server"

In our case the suffixes would be:

    New server  ou=Persons,dc=subdomainA,dc=domain,dc=edu
    Old server  ou=users,ou=ais

As you can see there is no commonality between the 2.
I may have misunderstood your problem. I understood that during your transition period between "old" and "new", you wished all LDAP clients to perform the same search but find users that are in either tree, transparently.
Thus, if your search is something like:

    ldapsearch -h the.ldap.server -b "ou=the-common-search-base" uid=someone

...you can use the same search on all clients, and yes, you would need a common suffix. If your current LDAP services don't share a suffix, you can use slapo-rwm to rewrite this, for example:

    rwm-suffixmassage ou=new,ou=the-common-search-base o=new

If you don't need to perform exactly the same search on all clients, why don't you just configure them all the same?
Regards,
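
The following slapd.conf fragment is an added example, not configuration from either poster. It combines the glue layout and the slapo-rwm rewrite discussed above, using the two real suffixes quoted in the thread. The virtual names `ou=new` and `ou=old` under `ou=the-common-search-base` are assumptions, as is the availability of back-ldap, back-null and the rwm overlay in the local slapd build.

```conf
# Added example: one common search base in front of two unrelated suffixes.
# Subordinate databases are declared before their superior.

# New server, presented as ou=new under the common base (virtual name assumed).
database          ldap
suffix            "ou=new,ou=the-common-search-base"
subordinate
uri               "ldap://new.server"
overlay           rwm
# rwm-suffixmassage <virtual naming context> <real naming context>
rwm-suffixmassage "ou=new,ou=the-common-search-base" "ou=Persons,dc=subdomainA,dc=domain,dc=edu"

# Old server, presented as ou=old under the common base (virtual name assumed).
database          ldap
suffix            "ou=old,ou=the-common-search-base"
subordinate
uri               "ldap://old.server"
overlay           rwm
rwm-suffixmassage "ou=old,ou=the-common-search-base" "ou=users,ou=ais"

# Superior database: holds no entries itself, only glues the two subtrees.
database          null
suffix            "ou=the-common-search-base"
overlay           glue
```

Each proxied database keeps its own access control and bind handling, so ACLs on the proxy should be reviewed against the virtual DNs that clients will now see, not the real ones.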