[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple databases (subordinate) and subschemaSubentry

To: Sebastian Guarino <sguarin@afip.gov.ar>
Subject: Re: multiple databases (subordinate) and subschemaSubentry
From: Michael Eichenberger <michael.eichenberger@stepping-stone.ch>
Date: Thu, 11 Aug 2005 00:00:29 +0200
Cc: OpenLDAP Software <openldap-software@OpenLDAP.org>
In-reply-to: <42F8F958.1090906@afip.gov.ar>
References: <42F8F958.1090906@afip.gov.ar>
User-agent: Mozilla Thunderbird 1.0.6 (X11/20050808)

Hi Sebastian

I've got more or less the same setup, but I've got the same rootdn for all the backend's and the rootpw is only mentioned once (the last database definition). I then access the databases with different users, working with ACL's.

See the end of the mail for my example setup.

I have a configuration with two databases like this (one inside the other)
database        bdb
subordinate
suffix          "ou=other,o=org,c=ar"
rootdn          "cn=Manager,ou=other,c=org,c=ar"
rootpw          secret
directory       /var/db/openldap-data/other
lastmod on
database        bdb
suffix          "o=org,c=ar"
rootdn          "cn=Manager,o=org,c=ar"
rootpw          pepe00
directory       /var/db/openldap-data
lastmod on
When I activate the first database (the subordinate one) then I can't search the subschemaSubentry. (0 entries) The schemas can only be searched if I bind with the manager password of the subordinate suffix and not the one from the upper suffix.


#############################
# ou=administration,o=stepping-stone,c=ch
#############################
database        hdb
suffix          "ou=administration,o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
subordinate
directory       /var/lib/openldap-hdb/stepping-stone/administration
index   objectClass pres,eq
index   entryUUID eq

access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch$" attr=userpassword by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write by anonymous auth by * none

#############################################
# ou=storage,ou=service,o=stepping-stone,c=ch
#############################################
database        hdb
suffix          "ou=storage,ou=service,o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
subordinate

directory       /var/lib/openldap-hdb/stepping-stone/service/storage
index           objectClass     pres,eq
index           cn,uid          eq
index           entryUUID       eq
index           uidNumber       eq
index           gidNumber       eq

access to dn.subtree="ou=storage,ou=service,o=stepping-stone,c=ch" by group/groupOfUniqueNames/uniqueMember="cn=storage,ou=group,ou=administration,o=stepping-stone,c=ch" read

###########
# MAIN TREE
###########
database        hdb
suffix          "o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
rootpw          gugus
directory       /var/lib/openldap-hdb/stepping-stone

I know, it doesn't really answer your question, but it works.

Kind regards, Michael

--
visit: http://www.stepping-stone.ch
--
e-mail: michael.eichenberger@stepping-stone.ch
mobile: +41 76 392 36 23
icq: 238901781

Follow-Ups:
- Re: multiple databases (subordinate) and subschemaSubentry
  - From: Sebastian Guarino <sguarin@afip.gov.ar>

References:
- multiple databases (subordinate) and subschemaSubentry
  - From: Sebastian Guarino <sguarin@afip.gov.ar>

Prev by Date: Sync Replication with slapd-perl
Next by Date: Re: Installing Openldap from a tarball
Index(es):
- Chronological
- Thread