[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple databases (subordinate) and subschemaSubentry

To: Michael Eichenberger <michael.eichenberger@stepping-stone.ch>
Subject: Re: multiple databases (subordinate) and subschemaSubentry
From: Sebastian Guarino <sguarin@afip.gov.ar>
Date: Thu, 11 Aug 2005 16:14:23 -0300
Cc: OpenLDAP Software <openldap-software@OpenLDAP.org>
In-reply-to: <42FA78FD.4020202@stepping-stone.ch>
Organization: Departamento de Seguridad Informatica
References: <42F8F958.1090906@afip.gov.ar> <42FA78FD.4020202@stepping-stone.ch>
User-agent: Mozilla Thunderbird 1.0.6 (X11/20050726)

Oops. I haven't tried the same rootdn without password on the subordinate suffix. Thanks, it worked.

Sebastian Guarino.

Michael Eichenberger wrote:

Hi Sebastian
I've got more or less the same setup, but I've got the same rootdn for all the backend's and the rootpw is only mentioned once (the last database definition). I then access the databases with different users, working with ACL's.
See the end of the mail for my example setup.
I have a configuration with two databases like this (one inside the other)
database        bdb
subordinate
suffix          "ou=other,o=org,c=ar"
rootdn          "cn=Manager,ou=other,c=org,c=ar"
rootpw          secret
directory       /var/db/openldap-data/other
lastmod on
database        bdb
suffix          "o=org,c=ar"
rootdn          "cn=Manager,o=org,c=ar"
rootpw          pepe00
directory       /var/db/openldap-data
lastmod on
When I activate the first database (the subordinate one) then I can't search the subschemaSubentry. (0 entries) The schemas can only be searched if I bind with the manager password of the subordinate suffix and not the one from the upper suffix.
#############################
# ou=administration,o=stepping-stone,c=ch
#############################
database        hdb
suffix          "ou=administration,o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
subordinate
directory       /var/lib/openldap-hdb/stepping-stone/administration
index   objectClass pres,eq
index   entryUUID eq
access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch$" attr=userpassword by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write by anonymous auth by * none
#############################################
# ou=storage,ou=service,o=stepping-stone,c=ch
#############################################
database        hdb
suffix          "ou=storage,ou=service,o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
subordinate
directory       /var/lib/openldap-hdb/stepping-stone/service/storage
index           objectClass     pres,eq
index           cn,uid          eq
index           entryUUID       eq
index           uidNumber       eq
index           gidNumber       eq
access to dn.subtree="ou=storage,ou=service,o=stepping-stone,c=ch" by group/groupOfUniqueNames/uniqueMember="cn=storage,ou=group,ou=administration,o=stepping-stone,c=ch" read
###########
# MAIN TREE
###########
database        hdb
suffix          "o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
rootpw          gugus
directory       /var/lib/openldap-hdb/stepping-stone
I know, it doesn't really answer your question, but it works.
Kind regards, Michael

Follow-Ups:
- Re: multiple databases (subordinate) and subschemaSubentry
  - From: Howard Chu <hyc@symas.com>

References:
- multiple databases (subordinate) and subschemaSubentry
  - From: Sebastian Guarino <sguarin@afip.gov.ar>
- Re: multiple databases (subordinate) and subschemaSubentry
  - From: Michael Eichenberger <michael.eichenberger@stepping-stone.ch>

Prev by Date: Re: openldap 2.2.17 and following references
Next by Date: Re: multiple databases (subordinate) and subschemaSubentry
Index(es):
- Chronological
- Thread