
Re: Search against multiple databases under



On Thu, 10 Aug 2017 12:54:38 -0400,
JOSE L MARTINEZ-AVIAL <jlmagc@gmail.com> wrote:

> Hello,
>   I'm trying to combine my test openldap (MDB database) with my
> production AD installation, so I can have the production users access
> my test systems. In order to do that I've created two databases in my
> slapd.conf, as follows:
> 
> #######################################################################
> # database definitions
> #######################################################################
> include /usr/local/etc/openldap/slapd-meta-ad-prd.conf
> include /usr/local/etc/openldap/slapd-mdb.conf
> 
> The configuration file for the AD connection is as follows:
> 
> database    meta
> suffix         "dc=bsi,dc=test,dc=com"
> uri             "ldap://miadc01.mia.usa.sinvest/dc=bsi,dc=test,dc=com"
> suffixmassage   "dc=bsi,dc=test,dc=com" "dc=mia,dc=usa,dc=sinvest"
> idassert-bind bindmethod=simple binddn="cn=Test User,cn=users,dc=mia,dc=usa,dc=sinvest" credentials=xxxxx
> 
> 
> The configuration file for the MDB is:
> database        mdb
> maxsize         1073741824
> 
> suffix          "dc=test,dc=com"
> rootdn          "cn=Manager,dc=test,dc=com"
> 
> # Cleartext passwords, especially for the rootdn, should
> # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # Added by pplu to support root authentication
> rootpw          xxxxxxx
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory       /usr/local/var/openldap-data/mdb
> # Indices to maintain
> index   objectClass     eq
> overlay memberof
> memberof-group-oc groupOfUniqueNames
> memberof-member-ad uniquemember
> 
> So the first database uses the suffix "dc=bsi,dc=test,dc=com", and the
> second one uses "dc=test,dc=com". The idea is that the AD would
> appear as a branch of the development database. I've found that I can
> search the AD by using the search DN "dc=bsi,dc=test,dc=com", but if
> I try to look with DN "dc=test,dc=com", only the test database is
> searched. The search does not combine both databases. How can I do it?

You may consider gluing both databases into a single namingContext by
declaring "dc=bsi,dc=test,dc=com" as a subordinate database; see man
slapd.conf(5). But this requires a single rootDN.

-Dieter



-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
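
A sketch of the glued layout suggested in the reply, added here as an example and not taken from either poster's configuration. The suffixes, DNs and directives are those shown in the thread; the rootdn line on the meta database is an assumption made to satisfy the single-rootDN requirement.

```conf
# slapd.conf sketch, added for illustration (not the posters' own file).

# Subordinate database first: slapd rejects a suffix that is already
# covered by a database defined earlier in the file.
database        meta
suffix          "dc=bsi,dc=test,dc=com"
# Glue this database under the one that holds "dc=test,dc=com".
subordinate
# Assumption: same rootdn as the superior database. No rootpw here,
# because rootpw may only be set when the rootdn lies inside this
# database's own suffix.
rootdn          "cn=Manager,dc=test,dc=com"
uri             "ldap://miadc01.mia.usa.sinvest/dc=bsi,dc=test,dc=com"
suffixmassage   "dc=bsi,dc=test,dc=com" "dc=mia,dc=usa,dc=sinvest"
# bindmethod=simple over ldap:// sends this credential unencrypted.
idassert-bind   bindmethod=simple
                binddn="cn=Test User,cn=users,dc=mia,dc=usa,dc=sinvest"
                credentials=xxxxx

# Superior database: holds the local test entries.
database        mdb
maxsize         1073741824
suffix          "dc=test,dc=com"
rootdn          "cn=Manager,dc=test,dc=com"
rootpw          xxxxxxx
directory       /usr/local/var/openldap-data/mdb
index           objectClass eq
overlay         memberof
memberof-group-oc   groupOfUniqueNames
memberof-member-ad  uniquemember
```

With this layout a subtree search based at "dc=test,dc=com" is propagated to the meta database as well. The AD entries then become visible to any client allowed to search the test tree, so the access rules on the meta database should be reviewed before enabling it.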