Re: Limit which database is reachable on which port (slapd is listening on)?
- To: Karsten Heymann <karsten.heymann@gmail.com>
- Subject: Re: Limit which database is reachable on which port (slapd is listening on)?
- From: John Lewis <oflameo2@gmail.com>
- Date: Tue, 20 Jun 2017 08:18:24 -0400
- Cc: openldap-technical@openldap.org
On Tue, 2017-06-20 at 08:23 +0200, Karsten Heymann wrote:
> Hi John,
>
> 2017-06-20 2:02 GMT+02:00 John Lewis <oflameo2@gmail.com>:
> > On Mon, 2017-06-19 at 16:46 +0200, Karsten Heymann wrote:
> >> 2017-06-19 15:48 GMT+02:00 Howard Chu <hyc@symas.com>:
> >> > Read the slapd.access(5) manpage, use an ACL specifying sockname=xxx for the
> >> > local port identifier.
>
> > Sorry to hijack this thread, but is there any way to limit which database
> > is reachable on the same port based on the domain the incoming connection
> > is trying to use, like name-based virtual hosting
> > in the Apache web server? I want to make the interfaces as
> > friendly as possible without wasting IPv4 addresses.
>
> Yes, that's a standard LDAP feature. You differentiate between
> different databases on the same server by providing different base DNs
> when connecting.
>
> Example:
> If you have an LDAP server with the databases o=companyA and
> o=companyB, you can (and in fact have to) specify which database/tree
> you are searching:
>
> ldapsearch -H ldap://<my ldap server>/ -b o=companyA givenName=Bob
> ldapsearch -H ldap://<my ldap server>/ -b o=companyB givenName=Alice
>
> will search for Bobs in the companyA database and for Alices in the
> companyB database.
>
> Was that your question?
>
> Best regards
> Karsten

I know that, but can DNS influence LDAP, or are they completely
independent and all of the name redirection is the client's
responsibility? For example, I have two domains, stuff.com and junk.net. If
someone tried to connect to stuff.com on a port that is running
stuff.com, can it automatically connect them into stuff.com and vice
versa, or do they need to know where they are going and would have to
see that both sites are running via the DIT and choose which site
themselves explicitly?
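
Added example, not part of the original thread and not taken from any poster's configuration: a slapd.conf sketch of the sockname ACL that Howard Chu's quoted reply points to, applied to the o=companyA and o=companyB databases from Karsten's example. The listener ports (389 and 1389), the directory paths, the mdb backend and the regular expressions are assumptions made for illustration.

```conf
# Added example (slapd.conf syntax). Ports, paths and backend are assumed;
# the two suffixes are the ones used in the thread.
# Assumed listeners: slapd -h "ldap://0.0.0.0:389/ ldap://0.0.0.0:1389/"
# For a TCP listener slapd sets sockname to "IP=<listen address>:<port>".

database    mdb
suffix      "o=companyA"
directory   /var/lib/ldap/companyA

# Gate: a connection that did not arrive on the :389 listener stops here
# with no access. "break" passes matching connections to the clauses below.
access to dn.subtree="o=companyA"
    by sockname.regex="^IP=.*:389$" break
    by * none

# Ordinary per-database rules, reached only through the gate above.
access to dn.subtree="o=companyA" attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to dn.subtree="o=companyA"
    by users read
    by * none

database    mdb
suffix      "o=companyB"
directory   /var/lib/ldap/companyB

# Same gate for the second tree, tied to the :1389 listener instead.
access to dn.subtree="o=companyB"
    by sockname.regex="^IP=.*:1389$" break
    by * none

access to dn.subtree="o=companyB" attrs=userPassword
    by anonymous auth
    by self write
    by * none
access to dn.subtree="o=companyB"
    by users read
    by * none
```

To check the gate, run the ldapsearch commands from the quoted example against each port: a search with -b o=companyA through port 1389 should return no entries. A database's rootdn is not subject to ACLs, so this gate does not restrict it.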