wow....thanks a bunch, that worked perfectly.
--stephen
On 1/22/07, Aaron Richton <richton@nbcs.rutgers.edu > wrote:
>
> Try something more like:
>
> database meta
> suffix "ou=people,o=company,c=US"
> subordinate
>
> database bdb
> suffix "o=company,c=US"
>
> see if that does what you want...
>
> On Mon, 22 Jan 2007, Stephen Agar wrote:
>
> > I have an LDAP server with a base "o=company, c=us". There is another
>
> > server which controls "ou=people,o=company,c=us", so in slapd.conf i
> have
> > the following:
> >
> > database bdb
> > suffix "o=company,c=US"
> > rootdn "cn=Manager,o=company,c=US"
> > rootpw *******
> > directory /usr/var/openldap-data
> > # Indices to maintain
> > index objectClass eq
> > index ou,cn,uid eq,pres,sub
> >
> > #meta test
> > database meta
> > suffix "ou=people,o=company,c=US"
> > uri
> "ldap://directory.company.com/ou=People,o=company,c=US"
> >
> >
> > When I try to start slapd, I get: /etc/openldap/slapd.conf: line 84:
> > <suffix> namingContext "o=company,c=US" already served by a preceding
> bdb
> > database serving namingContext "o=company,c=US". Am I misusing meta?
> Can I
> > not proxy binds/lookups to specific OUs to a secondary LDAP? I
> understand
> > what the message is saying, but don't think I understand the proper
> use of
> > meta.
> >
> > For example, I have an ou=groups that contains "groupofnames" and the
> > members of those groups are like
> "uid=123456,ou=people,o=company,c=us". So I
> > want ou = groups owned on my server, then the when specific members
> try to
> > bind, they are proxied to this external LDAP server that serves
> > ou=people,o=company,c=us and contains their uids and passwords. Am I
> going
> > about this the wrong way? Is there a way to accomplish what im trying
> to do?
> >
> >
> > Thanks in advance...
> > --stephen
> >
>