[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: maintaining uniqueness of uid across subtree's
Sovan_Shatpathy@satyam-infoway.com wrote:
> Hi,
> Here we are trying to use openldap for authentication of users , . The
> schema has been designed in such a way that we have multiple ou's on individiual
> ldbm databse( purpose of seperate backend ldbm database is for selective
> replication) . I have given below a portion of slapd.conf. Here the ou 's being
> chennai and bombay.
>
> database ldbm
> suffix "ou=chennai,o=xyz"
> rootdn "cn=Manager,o=xyz"
> rootpw bumbum
> directory /mail/chennai
>
> database ldbm
> suffix "ou=bombay,o=xyz"
> rootdn "cn=Manager,o=xyz"
> rootpw bumbum
> directory /mail/bombay
>
> database ldbm
> suffix "o=xyz"
> rootdn "cn=Manager,o=xyz"
> rootpw bumbum
> directory /mail/ldbm
>
> index default pres,eq
> index uid,objectClass
> cachesize 1000000
> dbcachesize 500000000
>
> 1. How do we ensure uniqueness of uid across all the subtrees( here the
> subtree being "ou")????
To my knowledge, there's no practical means.
>
> 2. Now consider there is a particular entry (uid=john) which has been populated
> in the ldbm database of ou=chennai . When we give a ldapsearch for that
> particular entry with the BASE as "o=xyz" seach is not happening for all the
> subtrees. it is only searching through the base ldbm database So if a
> particular user is there in ou=chennai then search is successfull only if the
> base is ou= chennai , o= xyz.
> How do we authenticate a user by giving search BASE as "o=xyz" ( not specifing
> the subtrees ie "ou") ???
>
> Any suggestions as to how we can overcome these problems??
You should do something similar to your setup, but you should
pass thru an (experimental) back-meta to merge the three
branches together for search purposes. Your databases can still
reside on one server, though, and you will not have to change
anything fo your implementation, but simply hide everything
behind a new backend. I'd rather tell you to move the two branches
you implemented as separate databases under their common root,
if you hadn't that nasty separate replication requirement.
Take a look at the HEAD of the cvs tree and configure with
--enable-rewrite --enable-meta
then go to
ldap/servers/slapd/back-meta
and take a look at
Documentation
you may also take advantage of the tests/examples that are in
ldap/servers/slapd/back-meta/data
Your setup will be something like
# old stuff
database ldbm
suffix "ou=chennai,o=xyz"
# ...
database ldbm
suffix "ou=bombay,o=xyz"
# ...
database ldbm
suffix "o=xyz"
#...
# new backend
# (you need to call it with a different naming context
# unless you put it on a different machine/port)
database meta
suffix "o=meta,o=xyz"
uri "ldap://localhost/ou=chennai,o=meta,o=xyz";
suffixmassage "ou=chennai,o=meta,o=xyz" "ou=chennai,o=xyz"
# ...
uri "ldap://localhost/ou=bombai,o=meta,o=xyz";
suffixmassage "ou=bombai,o=meta,o=xyz" "ou=bombai,o=xyz"
# ...
uri "ldap://localhost/o=meta,o=xyz";
suffixmassage "o=meta,o=xyz" "o=xyz"
# ...
Have fun!
Pierangelo.
--
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati