[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: META database root DN : no such object
On Thu, 20 Dec 2012, Bryce Powell wrote:
?When a search with base "dc=foo,dc=com" is attempted, if the scope is
"base" it fails with "no such object"; in fact, the common root of
the two targets (prior to massaging) does not exist.? The vendor won?t
change their code to skip the verification, and recommended I use
Microsoft?s ADAM instead of OpenLDAP. I would prefer to leverage
OpenLDAP, so does anyone have any recommendations as to what I could do?
Thanks, Bryce
You're quoting from "scenario 2a" from the man page, which envisions
dc=a,dc=foo,dc=com and dc=b,dc=foo,dc=com; your desire is to serve some
data at dc=foo,dc=com. So you have to make that exist (obviously). You'll
need a data store to place your "dc=foo,dc=com" data, and you'll need to
"attach" dc=a,dc=foo,dc=com and dc=b,dc=foo,dc=com. So basically...
database meta # maybe ldap or even relay in some installations
subordinate
suffix "dc=a,dc=foo,dc=com"
uri "ldap://a.foo.com/dc=a,dc=foo,dc=com";
database meta
subordinate
suffix "dc=b,dc=foo,dc=com"
uri "ldap://b.foo.com/dc=a,dc=foo,dc=com";
database mdb # or hdb or bdb or even ldif or.....
suffix "dc=foo,dc=com"
So then dc=a and dc=b live over the wire, and dc=foo,dc=com can be filled
with Whatever You Want. Like, say, your base-scope data at dc=foo,dc=com.
You'll almost certainly want to set up some careful ACLs and make sure, in
particular, that nobody writes any dc=a/dc=b data to the on-disk database.
Without trying it, I don't think it would cause a failure per se, but it
would cause a very confused LDAP admin (quite undesirable)! (As for "dc=c"
data on-disk, that's up to you and your site.)