
How to hide namingContext in rootDSE ?



Hi,

My question relates to "how to hide a namingContext in rootDSE?". But
for information, I will explain why I need to configure this.

Ref: http://www.openldap.org/lists/openldap-software/200501/msg00494.html

I have two distinct OpenLDAP servers:
- V1: "o=example";
- V2: "dc=example,dc=com"

I would like to delete the first one, and to allow most of V1's actions on
V2:
- respond to the V1 suffix;
- take care of DNs in search results;
- take care of DNs in uniqueMember;

For the moment, I have:
- 1 back-ldap on "o=example"
  rwm-suffixmassage "o=example" "o=example transitional"
  rwm-map attribute uniqueMember tmpUniqueMember
- 1 back-ldap on "o=example transitional"
  rwm-suffixmassage "o=example transitional" "dc=example,dc=com"
  rwm-map attribute tmpUniqueMember uniqueMember
- 1 back-hdb on "dc=example,dc=com"
  data... nothing special
- define tmpUniqueMember, which inherits from member and is used by an
  auxiliary objectclass in my groups

Everything works fine. DNs are rewritten in my uniqueMember values. But I
think it is really ugly...

Well, now I have a few questions:
1/ Is there a better way to do this, without rewriting V2 values?
2/ How can I hide my transitional LDAP suffix in the rootDSE?
3/ Would it be possible to close everything on this transitional LDAP
   backend and allow read access only for a particular user which will be
   used by the first LDAP backend (through acl-bind for example)?

Cheers,
Thomas

--
Thomas Chemineau
Groupe LINAGORA - http://www.linagora.com
Tél.: +33(0)1 58 18 68 28 - Fax : +33(0)1 58 18 68 29