
Re: bind/queries through multiple backends



On Fri, 9 Oct 2015 09:42:28 +0200 (CEST),
Steffen Kaiser <vm5015995887542392v@vmail.inf.h-brs.de> wrote:

> Hi,
> 
> I currently have a local OpenLDAP v2.4.40 with a bdb backend and
> another instance with a ldap backend proxying binds and queries to an
> AD.
> 
> The bdb backend serves just one suffix:
> 
> dc=example,dc=com
> 
> The AD serves several suffixes:
> 
> dc=example,dc=com (same as local one)
> dc=example,dc=net
> dc=otherexample,dc=com
> dc=anotherexample,dc=net
> 
> I would like to merge both configurations.
> 
> The entries of the suffix dc=example,dc=com, which is served by both
> servers, are disjunct. There is no DN which is located on both
> servers. There will be some name problems, but these can be handled
> by organisational means.
> 
> ====
> 
> My first problem is that I cannot make bind work for DNs with 
> suffix dc=example,dc=com, which are located on the 2nd backend. In
> fact, there are very few DNs of that suffix on the 2nd server, but
> there are. I would like that bind first tries the first (local)
> server and, if the DN is missing there, the second server (the proxy).
> 
> Currently, only the local backend is queried.
> 
> ====
> 
> What would be the best solution to forward a bunch of suffixes to the
> LDAP backend?

slapd-relay(5) as subordinate database, and probably suffix "" on
superior database.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E