On Fri, 8 Jun 2018 19:44:31 +0200
Chris <chris(a)gatopelao.org> wrote:
Hello,
We're in the process of setting up a new DIT divided up by a handful
of (o) organizations. We would like to split the DIT up so that each
organization will sysadmin their own ldap provider containing their
branch of the DIT.
There are some examples on the Net on how to use referrals and chains
and the setup seems to be what we want, and relatively
straightforward to implement.
You could define a handful of independent databases, something like
database o=A
database o=B
all databases controlled by 1 slapd process
man slapd.conf(5) and slapd-mdb(5)
But before we begin, I'd like to check. The documentation here is
confusing.
http://www.openldap.org/doc/admin24/referrals.html At the
bottom of the page, the 2nd Note says "A better approach would be to
use explicitly defined local and proxy databases in /subordinate/
configurations to provide a seamless view of the Distributed
Directory."
I've scoured the Net for some clues/examples to what this means but
haven't found anything that helps us much to understand. The same page
http://www.openldap.org/doc/admin24/referrals.htm says "Subordinate
knowledge information is maintained in the directory as a special
/referral/ object" but that seems to enter into conflict with the 2nd
Note. ??
No.
There also seems to be a "olcSubordinate" attribute that I can't find
any information about.
How does the "local and proxy databases in /subordinate/
configurations" configuration work? Is it documented anywhere?
Any pointers or suggestions would be greatly appreciated.
As a start you should get acquainted with RFC4512
https://www.rfc-editor.org/pdfrfc/rfc4512.txt.pdf
and X.500
https://www.itu.int/rec/T-REC-X.500/en
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
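
The layout sketched in the reply above (one slapd process, one database per organization), written out as a slapd.conf fragment. This is an added example, not part of the original thread: the directory paths, admin DNs, group names and password placeholders are assumptions, and the global section (schema includes, module loading) is assumed to exist already.

```conf
# Added example: one slapd process, one back-mdb database per organization.
# Paths, DNs and group names are hypothetical.
# Generate each rootpw value with slappasswd(8).

# --- Organization A ---
database    mdb
suffix      "o=A"
directory   /var/lib/ldap/o-a
maxsize     1073741824
# rootdn bypasses all ACLs for this database only; it has no rights in o=B
rootdn      "cn=admin,o=A"
rootpw      {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT_A
index       objectClass eq

# ACLs placed after a database line apply to that database only
access to attrs=userPassword
    by group.exact="cn=ldapadmins,o=A" write
    by self write
    by anonymous auth
    by * none
access to *
    by group.exact="cn=ldapadmins,o=A" write
    by users read
    by * none

# --- Organization B ---
database    mdb
suffix      "o=B"
directory   /var/lib/ldap/o-b
maxsize     1073741824
rootdn      "cn=admin,o=B"
rootpw      {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT_B
index       objectClass eq

access to attrs=userPassword
    by group.exact="cn=ldapadmins,o=B" write
    by self write
    by anonymous auth
    by * none
access to *
    by group.exact="cn=ldapadmins,o=B" write
    by users read
    by * none

# o=A and o=B are separate naming contexts, so no "subordinate" directive
# (olcSubordinate in cn=config) is needed. That directive applies only when
# a database's suffix is nested under the suffix of another database.
```

Each database needs its own `directory`, and a group entry such as `cn=ldapadmins,o=A` must exist inside the respective tree before the delegated write access takes effect.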