Hallvard B Furuseth wrote: [...]
No, "nil" is not an LDAP term
Thats why I put it in quotes - I didn't have a better term to say "the DN cannot be found on the current server and the Client has no clue where to look for it".
Put the DNs of the entries in question in the seeAlso attribute, just as you would do if the entries they point at were stored in server A.
Then set up server A so that attempts to look up an entry under ou=X,o=Y,c=Z will return a referral to server B to the client, or will cause server A to contact server B and return the results to the client.
Ok, so I wasn't on the wrong way.
The simplest way is to put referral ldap://server B/ in slapd.conf, so that attempts to look up _any_ entry outside dc=tu-clausthal,dc=de in server A will return a referral to server B.
Hmm, I might have to refer to some other LDAP server in the future, so this is a bit too simple. Too bad that there isn't a "refer-to"-backend that just refers someone querying it's suffix to a different server.
Since I just want "referential integrity", i.e. the Server to know _something_ (even just a Referral) about a DN below "ou=X,o=Y,c=Z", I don't need the server to chase the referral. So I could add a second bdb (or even ldif!?) backend as Readonly etc, that just contains a referral entry for "ou=X,o=Y,c=Z"?
bye Christian