
Re: Can I bind to server with DN not on server ?



Howard Chu wrote:

If you're using OpenLDAP 2.1 or newer, you can use back-ldap for distributing
the tree instead of using referrals. In this case, all of the naming contexts
will be defined on all of the servers, but some portions will be local
databases and some portions will be proxied via back-ldap. So in effect all
of your binds will always be contained within any of the servers' naming
contexts.

In server A:

database ldap
suffix ou=nyc,o=xyz
subordinate
uri ldap://serverB

database ldap
suffix ou=dca,o=xyz
subordinate
uri ldap://serverC

database bdb
suffix o=xyz

In server B:

database bdb
suffix ou=nyc,o=xyz
subordinate

database ldap
suffix ou=dca,o=xyz
subordinate
uri ldap://serverC

database ldap
suffix o=xyz
uri ldap://serverA

(And server C is pretty much configured like server B)




Do B & C have to know about each other explicitly, or can they get to each other's portion of the tree through A? Like so:


In server A (same as before):

database ldap
suffix ou=nyc,o=xyz
subordinate
uri ldap://serverB

database ldap
suffix ou=dca,o=xyz
subordinate
uri ldap://serverC

database bdb
suffix o=xyz

In server B (no direct knowledge of C):

database bdb
suffix ou=nyc,o=xyz
subordinate

database ldap
suffix o=xyz
uri ldap://serverA


Thanks for your help, Tom

--
Tom Riddle
HighStreet Networks
www.highstreetnetworks.com
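
An added example, not part of either message: a small Python model of how a DN is routed under the second layout above, where B has no direct knowledge of C. It assumes each server uses the first database in config order whose suffix matches the DN and that a `database ldap` stanza forwards the operation to its `uri`; the server C stanza, the `parse` and `route` helpers and the hop limit are constructed for illustration.

```python
# Added example, not from the thread: trace which server ends up handling a DN.
# Assumption: a server uses the first database, in config order, whose suffix
# matches the DN, and a "database ldap" stanza forwards the request to its uri.
# DN matching is simplified to a case-insensitive string suffix test.
SERVER_A = """database ldap
suffix ou=nyc,o=xyz
subordinate
uri ldap://serverB
database ldap
suffix ou=dca,o=xyz
subordinate
uri ldap://serverC
database bdb
suffix o=xyz"""
# Server B as in the second layout; server C is constructed by analogy with B.
LEAF = """database bdb
suffix ou={ou},o=xyz
subordinate
database ldap
suffix o=xyz
uri ldap://serverA"""
CONFIGS = {"serverA": SERVER_A, "serverB": LEAF.format(ou="nyc"),
           "serverC": LEAF.format(ou="dca")}

def parse(text):
    """Return the database stanzas of a slapd.conf fragment, in file order."""
    dbs = []
    for key, _, value in (l.strip().partition(" ") for l in text.splitlines()):
        if key == "database":
            dbs.append({"type": value})
        elif key:
            dbs[-1][key] = value
    return dbs

def route(dn, server, max_hops=8):
    """Follow a DN from `server` to the server whose local database holds it."""
    norm = "," + dn.replace(" ", "").lower()
    path = [server]
    while len(path) <= max_hops:
        db = next((d for d in parse(CONFIGS[path[-1]])
                   if norm.endswith("," + d["suffix"].lower())), None)
        if db is None:
            raise LookupError(f"{dn} is outside {path[-1]}'s naming contexts")
        if db["type"] != "ldap":
            return path  # local database: the bind is verified on this server
        path.append(db["uri"].split("//", 1)[1])
    raise RuntimeError("proxy loop: " + " -> ".join(path))
```

In this model, `route("uid=tom,ou=dca,o=xyz", "serverB")` passes through server A before reaching server C, so a bind for that DN crosses two proxy hops. The hop limit turns a mispointed `uri` into a reported loop rather than an endless chain.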