Re: Community request: Real World OpenLDAP Deployments
Hi Gavin,

Gavin Henry <ghenry@suretecsystems.com> writes:
> Dear All,
>
> I'd like to get some examples written up for
>
> http://www.openldap.org/doc/admin24/appendix-deployments.html
>
> If anyone is interested and allowed to share some information, I'd
> love to hear from you.
>
> The more strange the setup the better!

This example is not strange but quite common, that is, to
integrate an HR or CRM system into a sort of meta directory.

moduleload back_relay.la
moduleload back_sql.la
moduleload rwm.la
moduleload accesslog.la

# SQL backend that exposes the customers database as ou=customers
database sql
suffix "ou=customers"
rootdn "cn=Manager,ou=customers"
rootpw secret
dbname customers
dbuser manager
dbpasswd secret
has_ldapinfo_dn_ru no
use_subtree_shortcut no

# Relay that presents ou=customers below o=myCompany
database relay
suffix "ou=customers,o=myCompany"
relay ou=customers
overlay rwm
rwm-suffixmassage "ou=customers,o=myCompany" "ou=customers"
subordinate

# Main directory
database hdb
suffix "o=myCompany"
rootdn "cn=manager,o=myCompany"
rootpw secret
authz-policy to
authz-regexp uid=(.*),cn=.*,cn=auth
    ldap:///o=myCompany??sub?uid=$1
# In the peercred identity, $1 is the gidNumber and $2 the uidNumber
authz-regexp gidNumber=(.*)\\+uidNumber=(.*),cn=peercred,cn=external,cn=auth
    ldap:///o=myCompany??sub?(&(uidNumber=$2)(gidNumber=$1))
...
overlay accesslog
logdb cn=log
logops writes
logold (objectclass=evolutionperson)
logoldattr mail cn sn
logpurge 3+00:00 1+00:00

Another option is to connect to an HR or CRM system by means of
back-perl or back-sock. This could be vital if connection is made to
a SAP system, as this can only be connected to via FTP.

-Dieter
--
Dieter Klünter | Systemberatung
http://www.dpunkt.de/buecher/2104.html
sip: +49.180.1555.7770535
GPG Key ID:8EF7B6C6
53°08'09,95"N
10°08'02,42"E
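
Added example, not part of the original message: a Python approximation of how authz-regexp rules like the two in the configuration above turn a SASL authentication identity into an LDAP search URI. It assumes whole-string matching with Python's re module in place of slapd's own regex engine; the tightened patterns and the sample identities are constructed for illustration.

```python
import re

# Rules modelled on the authz-regexp lines above: (pattern, replacement URI).
# slapd.conf writes the escaped plus as "\\+"; the regex itself is "\+".
# In the peercred identity, capture 1 is the gid and capture 2 the uid.
PAGE_RULES = [
    (r"uid=(.*),cn=.*,cn=auth",
     "ldap:///o=myCompany??sub?uid=$1"),
    (r"gidNumber=(.*)\+uidNumber=(.*),cn=peercred,cn=external,cn=auth",
     "ldap:///o=myCompany??sub?(&(uidNumber=$2)(gidNumber=$1))"),
]

# Assumed tighter variants (not from the original message): captures cannot
# cross a comma, and the numeric ids must be digits.
TIGHT_RULES = [
    (r"uid=([^,]*),cn=[^,]*,cn=auth",
     "ldap:///o=myCompany??sub?uid=$1"),
    (r"gidNumber=([0-9]+)\+uidNumber=([0-9]+),cn=peercred,cn=external,cn=auth",
     "ldap:///o=myCompany??sub?(&(uidNumber=$2)(gidNumber=$1))"),
]

def map_authc_dn(authc_dn, rules):
    """Return the search URI built by the first matching rule, or None."""
    for pattern, replacement in rules:
        m = re.fullmatch(pattern, authc_dn)
        if m is None:
            continue
        # Substitute $1, $2, ... with the corresponding capture group.
        return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None

# Constructed sample identities in the form slapd builds for SASL binds.
SAMPLES = [
    "uid=alice,cn=digest-md5,cn=auth",
    "uid=alice,cn=example.com,cn=digest-md5,cn=auth",   # with a realm
    "gidNumber=100+uidNumber=1000,cn=peercred,cn=external,cn=auth",
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        print("  as posted:", map_authc_dn(dn, PAGE_RULES))
        print("  tightened:", map_authc_dn(dn, TIGHT_RULES))
```

With the greedy (.*) capture, the identity that carries a realm maps to a filter value of "alice,cn=example.com" rather than "alice". The comma-excluding pattern does not match that identity at all, so no mapping is produced for it.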