Hello,
We're in the process of setting up a new DIT divided up by a handful of (o) organizations. We would like to split the DIT up so that each organization will sysadmin their own ldap provider containing their branch of the DIT.
There are some examples on the Net on how to use referrals and chains and the setup seems to be what we want, and relatively straightforward to implement.
But before we begin, I'd like to check. The documentation here is confusing. http://www.openldap.org/doc/admin24/referrals.html At the bottom of the page, the 2nd Note says "A better approach would be to use explicitly defined local and proxy databases in /subordinate/ configurations to provide a seamless view of the Distributed Directory."
I've scoured the Net for some clues/examples to what this means but haven't found anything that helps us much to understand. The same page http://www.openldap.org/doc/admin24/referrals.htm says "Subordinate knowledge information is maintained in the directory as a special /referral/ object" but that seems to enter into conflict with the 2nd Note. ??
There also seems to be an "olcSubordinate" attribute that I can't find any information about.
How does the "local and proxy databases in /subordinate/ configurations" configuration work? Is it documented anywhere?
Any pointers or suggestions would be greatly appreciated.
Thanks.
Chris.
||||||
On Fri, 8 Jun 2018 19:44:31 +0200, Chris chris@gatopelao.org wrote:
> Hello,
> We're in the process of setting up a new DIT divided up by a handful of (o) organizations. We would like to split the DIT up so that each organization will sysadmin their own ldap provider containing their branch of the DIT.
> There are some examples on the Net on how to use referrals and chains and the setup seems to be what we want, and relatively straightforward to implement.

You could define a handful of independent databases, something like
database o=A
database o=B
all databases controlled by 1 slapd process
man slapd.conf(5) and slapd-mdb(5)

> But before we begin, I'd like to check. The documentation here is confusing. http://www.openldap.org/doc/admin24/referrals.html At the bottom of the page, the 2nd Note says "A better approach would be to use explicitly defined local and proxy databases in /subordinate/ configurations to provide a seamless view of the Distributed Directory."
> I've scoured the Net for some clues/examples to what this means but haven't found anything that helps us much to understand. The same page http://www.openldap.org/doc/admin24/referrals.htm says "Subordinate knowledge information is maintained in the directory as a special /referral/ object" but that seems to enter into conflict with the 2nd Note. ??

No.

> There also seems to be an "olcSubordinate" attribute that I can't find any information about. How does the "local and proxy databases in /subordinate/ configurations" configuration work? Is it documented anywhere?
> Any pointers or suggestions would be greatly appreciated.

As a start you should get acquainted with RFC4512 https://www.rfc-editor.org/pdfrfc/rfc4512.txt.pdf and X.500 https://www.itu.int/rec/T-REC-X.500/en
-Dieter
openldap-technical@openldap.org
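
An added example, not taken from either message or from the OpenLDAP documentation: a slapd.conf sketch of the "local and proxy databases in subordinate configurations" layout the thread asks about, using the `subordinate` directive from slapd.conf(5). The parent suffix dc=example,dc=org, the rootdn, the host ldap-b.example.org and the directory paths are assumptions chosen for illustration.

```conf
# One naming context glued together from a local and a proxy database.
# All DNs, host names and paths below are constructed placeholders.

# A database whose suffix lies inside another database's suffix must be
# declared before it, so the subordinates come first.

# Branch o=A: held locally in back-mdb
database    mdb
suffix      "o=A,dc=example,dc=org"
rootdn      "cn=admin,dc=example,dc=org"
directory   /var/lib/ldap/o-a
maxsize     1073741824
# Searches on the superior suffix are propagated into this database
subordinate

# Branch o=B: held on that organization's own server, reached via back-ldap
database    ldap
suffix      "o=B,dc=example,dc=org"
rootdn      "cn=admin,dc=example,dc=org"
# ldaps:// so proxied operations do not cross the network in clear text
uri         "ldaps://ldap-b.example.org"
subordinate

# Superior database: holds the entry dc=example,dc=org itself
database    mdb
suffix      "dc=example,dc=org"
# slapd.conf(5) says all databases of one naming context should share a rootdn
rootdn      "cn=admin,dc=example,dc=org"
directory   /var/lib/ldap/root
maxsize     1073741824
```

In a cn=config deployment the same setting is the olcSubordinate attribute on each subordinate database entry. Access control is still evaluated per database, so each branch needs its own ACLs, and the remote server applies its own policy to whatever identity the proxy presents.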