[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Proxying a subtree with OpenLDAP

To: "'Steve Chan'" <sychan@lbl.gov>, <openldap-software@OpenLDAP.org>
Subject: RE: Proxying a subtree with OpenLDAP
From: "Howard Chu" <hyc@highlandsun.com>
Date: Fri, 14 May 2004 16:24:48 -0700
Importance: Normal
In-reply-to: <001e01c43a03$4a65b970$0e133780@gridmonkey>

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Steve Chan

> 	I've been looking at the docs on back-ldap and back-meta but
> can't seem to locate the configuration to do a particular task.
> 
> 	I'd like for a certain entry within an otherwise very normal
> directory to be a proxy to another database on the same server.
> 
> 	It looks like the ldap and meta databases both do this kind of
> stuff, but they seem to require a suffix outside the namespace of the
> main tree.
> 
> For example:
> 
> 	I have a bdb database rooted at dc=foo,dc=gov and another
> database rooted at dc=bar,dc=gov
> 
> 	I'd like ou=outside,dc=foo,dc=gov tree to be proxied into
> ou=outside,dc=bar,dc=gov and I'd like the returned entries to be
> rewritten so that they look like they came from 
> ou=outside,dc=foo,dc=gov
> 
> 	Is this possible? Can someone give me the outlines of the
> appropriate config directives to make it happen?

Yes, use a subordinate backend.

database ldap
suffix ou=outside,dc=foo,dc=gov
subordinate
...

database bdb
suffix dc=foo,dc=gov
...

database bdb
suffix dc=bar,dc=gov
...

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support

References:
- Proxying a subtree with OpenLDAP
  - From: "Steve Chan" <sychan@lbl.gov>

Prev by Date: Proxying a subtree with OpenLDAP
Next by Date: Re: Best way to manage multiple accounts
Index(es):
- Chronological
- Thread