Am Thu, 26 Apr 2018 09:33:56 -0300 schrieb seguranca informacao cerberus.seginfo@gmail.com:

Hi guys,

I'm trying to accomplish a configuration that I'm not aware of. I need to replicate several directories (AD, openldap, etc) to a unique repository (my openldap). The thing is I need to have completely separate trees for each domain (client). Any ideas in how to do that? bellow is an example what I'm thinking of:

dc=example,dc=com cn=users cn=groups

------------------------------ complete separation dc=domain,dc=com cn=users cn=groups

------------------------------ complete separation dc=test,dc=ca cn=users cn=groups

------------------------------ complete separation

make use of slapd-ldap(5), slapd-relay(5) and slapo-rwm(5) something like:

database ldap suffix dc=test,dc=ca ... database relay suffix dc=test,dc=example,dc=com relay dc=test,dc=ca overlay rw rwm-suffixmassage "dc=test,dc=example,dc=com" "dc=test,dc=ca" subordinate

database mdb suffix dc=example,dc=com

-Dieter