The general problem with multiple databases
Phil Dodderidge wrote:
>
> I am trying to partition my data into multiple databases
> for ease of administration and I have run into a problem
> with group access control across databases.
>
> I have something like the following in my slapd.conf
>
> ...
> database ldbm
> suffix "dc=domain,dc=com"
> directory /usr/local/ldap/db
> ......
> database ldbm
> suffix "ou=div1,o=company a,dc=domain,dc=com"
> directory /usr/local/ldap/db/div1

This begs the question of whether or not "dc=" naming
shouldn't have explicit use of dots so that root references
can be made, e.g.:

    suffix "dc=domain.,dc=com.,dc=."

I expect that this would require changing the free referral
service somewhat, but what do people think about this?

Right now, I can't have both:

    suffix "dc=foo,dc=com"

and:

    suffix "dc=foo,dc=net"

easily in one database without redirection through a
referral server.

It seems to me that something like DNS's idea of the
"authoritative" concept is necessary.

Alternately, is anyone interested in working on a draft
to define the interaction of DNS SRV records (which do not
like to be used with a protocol without a per-protocol-RFC
on the subject) with LDAP?

In particular, it seems that it would be difficult to
require clients to forage for the base DN.

Thanks,
-- Terry Lambert
-- Whistle Communications, Inc., an I.B.M. Company
-- terry@whistle.com
-------------------------------------------------------------------
This is formal notice under California Assembly Bill 1629, enacted
9/26/98 that any UCE sent to my email address will be billed $50
per incident to the legally allowed maximum of $25,000.