Am Fri, 9 Oct 2015 09:42:28 +0200 (CEST)
schrieb Steffen Kaiser <vm5015995887542392v(a)vmail.inf.h-brs.de>:
I currently have a local OpenLDAP v2.4.40 with a bdb backend and
another instance with a ldap backend proxying binds and queries to an
The bdb backend serves just one suffix:
The AD serves several suffixes:
dc=example,dc=com (same as local one)
I would like to merge both configurations.
The entries of the suffix dc=example,dc=com, which is served by both
servers, are disjunct. There is no DN, which is located on both
servers. There will be some name problems, but these can be handled
by organisational means.
My first problem is that I cannot make bind work for DNs with
suffix dc=example,dc=com, which are located on the 2nd backend. In
fact, there are very few DNs of that suffix on the 2nd server, but
there are. I would like that bind first tries the first (local)
server and, if the DN is missing there, the second server (the proxy).
Currently, only the local backend is queried.
What would be the best solution to forward a bunch of suffixes to the
slapd-relay(5) as subordinate database, and probably suffix "" on
Dieter Klünter | Systemberatung
GPG Key ID: E9ED159B