Fwd: Re: Using referrals

"Tux" <csyap@starnet.gov.sg> wrote:
>I have created 2 separate databases on 2 different ldap servers (Server 1
>and Server 2, both v1.2.11 that comes with RH7). I've managed to tie the 2
>databases using a 3rd LDAP server (Server 3, also v1.2.11) so that a search on
>the 3rd LDAP server returns results from both Server1 and Server2.

I am trying to do something similar. Part of my main push will be to see
if I can exactly duplicate behaviour of another (unnamed) directory server
product.
Say I have the following namingContexts (this is a subset of what we
actually have):

namingContexts: ou=People,dc=tamu,dc=edu
namingContexts: dc=tamu,dc=edu

Right now in my OpenLDAP testing, ou=People will contain about 110K
entries. When I get the current issues solved, I will have another 4
organizational units ranging from 30k to 110k entries as well.
On my current server I can perform a:

% ldapsearch -h operator -b dc=tamu,dc=edu '(uid=pckizer)' cn sn
dn: uid=c7ae443c9c0278f719d726aef4482ac4, ou=People, dc=tamu, dc=edu
cn: Kizer Philip C
sn: Kizer

Note, the current server's root base is 'dc=tamu,dc=edu', and I did not
tell it to "Automatically chase referrals" (-C).
Now, I attempt to repeat the configuration with OpenLDAP 2.0.7-RELEASE.
If I load the server with this config:

database ldbm
suffix "ou=People,dc=tamu,dc=edu"
directory /data/db/openldap/people
rootdn "cn=DSA Manager,dc=tamu,dc=edu"
rootpw secret

database ldbm
suffix "dc=tamu, dc=edu"
directory /data/db/openldap/root
rootdn "cn=DSA Manager,dc=tamu,dc=edu"
rootpw secret

and this LDIF:

dn: dc=tamu,dc=edu
objectclass: dcObject
objectclass: organization
o: Texas A and M University
dc: tamu

dn: cn=Manager,dc=tamu,dc=edu
objectclass: organizationalRole
cn: Manager

dn: ou=People,dc=tamu,dc=edu
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=pckizer,ou=People,dc=tamu,dc=edu
objectClass: person
cn: Philip C Kizer
sn: Kizer

I can get the following:

% ldapsearch -x -C -LLL '(cn=*)'
dn: cn=Manager,dc=tamu,dc=edu
objectClass: organizationalRole
cn: Manager

% ldapsearch -x -C -LLL -b ou=People,dc=tamu,dc=edu '(cn=*)'
dn: uid=pckizer,ou=People,dc=tamu,dc=edu
objectClass: person
cn: Philip C Kizer
sn: Kizer

And if I add the following LDIF:

dn: ref="***.tamu.edu/ou=People",dc=tamu,dc=edu
objectclass: referral
ref: ldap://***.tamu.edu/ou=People,dc=tamu,dc=edu

Then my queries produce the following:

% ldapsearch -x -LLL '(cn=*)'
dn: cn=Manager,dc=tamu,dc=edu
objectClass: organizationalRole
cn: Manager

# refldap://***.tamu.edu/ou=People,dc=tamu,dc=edu

% ldapsearch -x -LLL -C '(cn=*)'
dn: cn=Manager,dc=tamu,dc=edu
objectClass: organizationalRole
cn: Manager

dn: uid=pckizer,ou=People,dc=tamu,dc=edu
objectClass: person
cn: Philip C Kizer
sn: Kizer

Is there a way, and does it make sense, to make the server split the
suffixes/bases between the different LDBMs and still be able to continue to
search just 'dc=tamu,dc=edu' like my current server can without requiring
chasing of referrals to see into ou=People,dc=tamu,dc=edu?
-philip
--
Philip Kizer
USENIX Liaison to Texas A&M University <usenix@tamu.edu>
Texas A&M CIS Operating Systems Group, Unix <pckizer@tamu.edu>
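
Added example, not part of the original message and not OpenLDAP code: a small Python model of the behaviour the message reports, where a search based at dc=tamu,dc=edu is answered from one database only and the ou=People entries appear only when the client chases the referral. It assumes slapd picks a single database by matching the search base against each suffix in config order; the referral host, the referral entry's DN and all function names are constructed placeholders, and the chased search is answered by the same simulated server.

```python
# Simplified model (assumption): slapd hands a search to ONE database, chosen
# by matching the search base against each configured suffix in config order.
# Entries are constructed from the LDIF in the message; the host is a placeholder.
REF_URL = "ldap://ldap.example.invalid/ou=People,dc=tamu,dc=edu"

def norm(dn):
    """Lower-case a DN and drop spaces after commas ("dc=tamu, dc=edu")."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def under(dn, base):
    """True if dn is the base itself or sits below it in the tree."""
    dn, base = norm(dn), norm(base)
    return dn == base or dn.endswith("," + base)

DATABASES = [  # same order as the two "database ldbm" sections in the message
    ("ou=People,dc=tamu,dc=edu", {
        "ou=People,dc=tamu,dc=edu": {"ou": "People"},
        "uid=pckizer,ou=People,dc=tamu,dc=edu": {"cn": "Philip C Kizer", "sn": "Kizer"},
    }),
    ("dc=tamu, dc=edu", {
        "dc=tamu,dc=edu": {"dc": "tamu"},
        "cn=Manager,dc=tamu,dc=edu": {"cn": "Manager"},
        "ref=people,dc=tamu,dc=edu": {"ref": REF_URL},  # referral object (constructed DN)
    }),
]

def select_database(base):
    """Return the entries of the first database whose suffix covers the base."""
    for suffix, entries in DATABASES:
        if under(base, suffix):
            return entries
    return {}

def search(base, attr, chase=False):
    """Return (matching DNs, unchased referral URLs) for the filter (attr=*)."""
    hits, refs = [], []
    for dn, attrs in select_database(base).items():
        if not under(dn, base):
            continue
        if "ref" in attrs:
            if chase:  # client-side chase (-C): a second search at the referred base
                hits += search(attrs["ref"].split("/", 3)[3], attr, chase)[0]
            else:
                refs.append(attrs["ref"])
        elif attr in attrs:
            hits.append(dn)
    return hits, refs

if __name__ == "__main__":
    for chase in (False, True):
        print("chase =", chase, search("dc=tamu,dc=edu", "cn", chase))
```
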