I have an LDAP server with a base "o=company, c=us". There is another
server which controls "ou=people,o=company,c=us", so in slapd.conf i have
the following:
database bdb
suffix "o=company,c=US"
rootdn "cn=Manager,o=company,c=US"
rootpw *******
directory /usr/var/openldap-data
# Indices to maintain
index objectClass eq
index ou,cn,uid eq,pres,sub
#meta test
database meta
suffix "ou=people,o=company,c=US"
uri "ldap://directory.company.com/ou=People,o=company,c=US";
When I try to start slapd, I get: /etc/openldap/slapd.conf: line 84:
<suffix> namingContext "o=company,c=US" already served by a preceding bdb
database serving namingContext "o=company,c=US". Am I misusing meta? Can I
not proxy binds/lookups to specific OUs to a secondary LDAP? I understand
what the message is saying, but don't think I understand the proper use of
meta.
For example, I have an ou=groups that contains "groupofnames" and the
members of those groups are like "uid=123456,ou=people,o=company,c=us". So I
want ou = groups owned on my server, then the when specific members try to
bind, they are proxied to this external LDAP server that serves
ou=people,o=company,c=us and contains their uids and passwords. Am I going
about this the wrong way? Is there a way to accomplish what im trying to do?
Thanks in advance...
--stephen