Hello,
I'm trying to combine my test OpenLDAP (MDB database) with my production AD installation, so I can have the production users access my test systems. In order to do that, I've created two databases in my slapd.conf, as follows:
#######################################################################
# database definitions
#######################################################################
include /usr/local/etc/openldap/slapd-meta-ad-prd.conf
include /usr/local/etc/openldap/slapd-mdb.conf
The configuration file for the AD connection is as follows:
database meta
suffix "dc=bsi,dc=test,dc=com"
uri "ldap://miadc01.mia.usa.sinvest/dc=bsi,dc=test,dc=com"
suffixmassage "dc=bsi,dc=test,dc=com" "dc=mia,dc=usa,dc=sinvest"
idassert-bind bindmethod=simple binddn="cn=Test User,cn=users,dc=mia,dc=usa,dc=sinvest" credentials=xxxxx
The configuration file for the MDB is:
database mdb
maxsize 1073741824
suffix "dc=test,dc=com"
rootdn "cn=Manager,dc=test,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# Added by pplu to support root authentication
rootpw xxxxxxx
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data/mdb
# Indices to maintain
index objectClass eq
overlay memberof
memberof-group-oc groupOfUniqueNames
memberof-member-ad uniquemember
So the first database uses the suffix "dc=bsi,dc=test,dc=com", and the second one uses "dc=test,dc=com". The idea is that the AD would appear as a branch of the development database. I've found that I can search the AD by using the search DN "dc=bsi,dc=test,dc=com", but if I try to look with DN "dc=test,dc=com", only the test database is searched. The search does not combine both databases. How can I do it?
Thanks
JL