
Re: setting up a DIT for multiple domains? HELP!?



Mark Wilcox wrote:

> Here's a couple of ways:
> one to accomplish what you want is through the use of referrals.
>
> e.g.
> 1. foo.com
>       create an entry ou=english,dc=foo,dc=com that points to base of foo.co.uk's directory
> 2. foo.co.uk
>      create an entry ou=us,dc=foo,dc=co,dc=uk that points to base of foo.com directory
> 3. Parent.com
>     has 2 referrals like 1 & 2 but point to foo.com and foo.co.uk respectively

Putting a spin on this suggestion, we can model the namespace with DNS.
1. dc=foo,dc=com,dc=. or dc=root for the root
    have o=foo.com point to the above entry.

2. dc=foo,dc=co,dc=uk,dc=.

3. dc=parent,dc=com,dc=.

4. dc=boom,dc=com,dc=.

Now the clients for foo, uk and us and parent.com will be configured to start
their search at the root (dc=.) if they want all the entries or the appropriate
o=foo.com, etc.

The clients for boom.com would have search base as o=boom.com

Also we need to make sure that we apply appropriate ACLs for each container.
Users of parent.com should be able to view all the 3 containers, but
foo.com only U.K and U.S, etc.

P.S: I am not aware of any RFC against using a period as part of the dn, but
I may be wrong.
The Netscape server took this and has been working fine.

Regards,
-Raj


>
>
> Alternative
>
> create a base of something like o=parent.com
> create two bases off of parent.com with
> o=foo.com,o=parent.com
> o=foo.co.uk,o=parent.com
> and populate as you see fit, that way anything that starts with o=parent.com
> grabs foo.com and foo.co.uk as well.
>
> Not usually done that way, but a possibility. Your DNs would also become
> quite long, but they don't have to be human readable anyway :).
>
> Mark
>
> The actual interfaces (e.g. mail, web) matter little but you will probably
> have to write them yourself since I have yet to find a pre-written tool that
> really handles referrals for searches very well.
>
> -----Original Message-----
> From: Trever Furnish <trever@monster.com>
> To: openldap-general@OpenLDAP.org <openldap-general@OpenLDAP.org>
> Date: Wednesday, September 01, 1999 5:24 PM
> Subject: setting up a DIT for multiple domains? HELP!?
>
> >
> >I could *really* use some sage advice!
> >
> >I need to set up a directory that serves multiple domains in
> >significantly different ways and leaves room for adding at least one
> >more later - advice on how best to do so would be greatly appreciated!
> >
> >Eventually I'd like to have two user search interfaces to the
> >directory(s?): web-based and email-client-based.  The web-based one
> >doesn't worry me so much, but the email-client search does.
> >
> >For example, I'll pick three make-believe domains and reserve a fourth
> >for later.
> >
> >The domains are:
> > 1. foo.com
> > 2. foo.co.uk
> > 3. boom.com
> > and later 4. Parent.com
> >
> >Foo.com and Foo.co.uk are sister companies in different countries with
> >different email systems, phone switches, etc.  It would be nice if the
> >default search for people in either of these two companies also included
> >the other.  So "cn=jon" would pull from both foo and foo-uk.
> >
> >Boom.com is a separate company (email happens to be on foo server, phone
> >switch different).  Need to have them in the directory, but not in the
> >default search.
> >
> >Parent.com is the parent of all those companies, but maintains a
> >completely separate Exchange server with its own directory of its
> >users.  It would also be nice if parent.com people could search all four
> >companies at once, or search them individually.
> >
> >From the web interface, it must be possible to change search any or all,
> >at the user's whim.
> >
> >So how would one best set up the directory servers for the first three
> >(foo, foo-uk, and boom)?  (Astute readers with too much time can
> >probably see through my silly company names, so keep in mind that my
> >confusion is my own, not my employer's. ;^) )
> >
> >
> >--
> >Trever Furnish, trever@monster.com, postmaster@monster.com
> >Monster.com Operations, 317.347.1323 or (cell) 317.714.4755
> >
> >
> >
> >
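The visibility rules in the reply above (clients searching from the root dc=., with per-container ACLs limiting what comes back) can be modelled and checked before they are written as server ACLs. This is an added example, not part of the original thread: the user entries and function names are hypothetical, "all the 3 containers" is read as foo.com, foo.co.uk and parent.com, and the rows for foo.co.uk and boom.com are assumptions.

```python
# Added illustration. Container DNs follow the post's DNS-style scheme;
# user entries and all function names are hypothetical.

def parse_dn(dn):
    """Split a DN into lower-cased RDN strings; an escaped comma stays in its RDN."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            cur += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(cur.strip().lower())
            cur = ""
    rdns.append(cur.strip().lower())
    return rdns

def is_under(dn, base):
    """True when dn equals base or lies below it, compared RDN by RDN."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

FOO_US = "dc=foo,dc=com,dc=."
FOO_UK = "dc=foo,dc=co,dc=uk,dc=."
PARENT = "dc=parent,dc=com,dc=."
BOOM = "dc=boom,dc=com,dc=."

# Binder's container -> containers it may read. The parent.com and foo.com
# rows come from the post; the foo.co.uk and boom.com rows are assumptions.
POLICY = {
    PARENT: [FOO_US, FOO_UK, PARENT],
    FOO_US: [FOO_US, FOO_UK],
    FOO_UK: [FOO_US, FOO_UK],
    BOOM: [BOOM],
}

def can_read(binder, target):
    """Default deny: the binder must sit in a known container that lists the target's."""
    for home, readable in POLICY.items():
        if is_under(binder, home):
            return any(is_under(target, c) for c in readable)
    return False

def search(binder, base, entries):
    """Entries under the search base that the binder's ACLs let it see."""
    return [e for e in entries if is_under(e, base) and can_read(binder, e)]

# Constructed sample entries, one per container.
ENTRIES = ["cn=jon," + FOO_US, "cn=jon," + FOO_UK, "cn=ann," + PARENT, "cn=bob," + BOOM]

if __name__ == "__main__":
    for who in ENTRIES:
        print(who, "->", search(who, "dc=.", ENTRIES))
```

Comparing RDN by RDN rather than by string suffix keeps a value containing an escaped comma from being mistaken for a container boundary.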