Re: Can one slapd have two roots?

["Pierangelo Masarati" <ando@sys-net.it>]

> I home I have my own dc=home,dc=lan.  I was thinking I'd like to set up
> some other ones for a few corps. I'm involved with.  Can I do that with
> one, then just change my baseDN as necessary, or must I run separate
> slapds, one for each?
>
> If you can do multiple, does each one require its own Manager account?
> Is there such a thing as a single Manager account for all the roots?
> Kinda like a DN of "cn=Manager" that write privileges to everything on
> the slapd?

In principle you can; you can follow two policies:

1) add as many databases as are the suffixes you need to serve
2) use one database rooted at ""

case 1) requires to define as many databases as are the suffixes
you need to serve; in this case you cannot have a single rootdn,
but you can work it around by allowing one rootdn write privileges
to the others; another drawback is that if you need to add a new
suffix you need to restart slapd
case 2) allows you to add new "suffixes", which now are simply
children of "", without restarting slapd; the rootdn is one
by definition; a drawback is that you're really mixing things that
have nothing to do with eachother.

As you can see the two approaches have advantages and drawbacks;
you need to weigh them according to your needs.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it