Hi,
I currently have a local OpenLDAP v2.4.40 with a bdb backend and another instance with a ldap backend proxying binds and queries to an AD.
The bdb backend serves just one suffix:
dc=example,dc=com
The AD serves several suffixes:
dc=example,dc=com (same as local one)
dc=example,dc=net
dc=otherexample,dc=com
dc=anotherexample,dc=net
I would like to merge both configurations.
The entries of the suffix dc=example,dc=com, which is served by both servers, are disjoint. There is no DN that is located on both servers. There will be some name problems, but these can be handled by organisational means.
====
My first problem is that I cannot make bind work for DNs with suffix dc=example,dc=com that are located on the 2nd backend. In fact, there are very few DNs of that suffix on the 2nd server, but there are some. I would like bind to try the first (local) server first and, if the DN is missing there, the second server (the proxy).
Currently, only the local backend is queried.
====
What would be the best solution to forward a bunch of suffixes to the LDAP backend?
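As an added illustration, not the original poster's configuration, a slapd.conf fragment that forwards the three suffixes served only by the AD to back-ldap, one `database ldap` stanza per suffix; the AD hostname, the service-account DN, its password and the bdb directory are placeholders.

```conf
# slapd.conf fragment (added example, not from the post): one back-ldap
# database per AD naming context. Host, service account, password and
# bdb directory are assumed placeholders.

# Local data stays in the existing bdb database.
database        bdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap                    # assumed path

# slapd serves a suffix from exactly one database, so the shared
# dc=example,dc=com above is answered by bdb alone and never reaches
# the proxy; the requested bind fall-through needs a different layout.
database        ldap
suffix          "dc=example,dc=net"
uri             "ldaps://ad.example.net/"        # assumed host; TLS keeps proxied binds encrypted
rebind-as-user  yes                              # bind to AD with the client's own credentials
chase-referrals no                               # do not let the proxy follow AD referrals
# Privileged identity for operations the client cannot perform itself
# (e.g. searches by users bound to the local bdb database).
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=example,dc=net"   # assumed service account
                credentials="CHANGEME"           # placeholder, keep slapd.conf mode 0600
                mode=none
idassert-authzFrom "dn.regex:.*"                 # only authenticated clients use the asserted identity

database        ldap
suffix          "dc=otherexample,dc=com"
uri             "ldaps://ad.example.net/"
rebind-as-user  yes
chase-referrals no
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=example,dc=net"
                credentials="CHANGEME"
                mode=none
idassert-authzFrom "dn.regex:.*"

database        ldap
suffix          "dc=anotherexample,dc=net"
uri             "ldaps://ad.example.net/"
rebind-as-user  yes
chase-referrals no
idassert-bind   bindmethod=simple
                binddn="cn=ldapproxy,cn=Users,dc=example,dc=net"
                credentials="CHANGEME"
                mode=none
idassert-authzFrom "dn.regex:.*"
```

Tightening `idassert-authzFrom` to the specific local DNs that need proxied searches limits who can act as the service account on the AD side.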