The general problem with multiple databases

Phil Dodderidge wrote:
> I am trying to partition my data into multiple databases
> for ease of administration and I have run into a problem
> with group access control across databases.
> I have something like the following in my slapd.conf
> ...
> database ldbm
> suffix        "dc=domain,dc=com"
> directory    /usr/local/ldap/db
> ......
> database ldbm
> suffix         "ou=div1,o=company a,dc=domain,dc=com"
> directory    /usr/local/ldap/db/div1

This begs the question of whether or not "dc=" naming
shouldn't have explicit use of dots so that root references
can be made, e.g.:

	suffix "dc=domain.,dc=com.,dc=."

I expect that this would require changing the free referral
service somewhat, but what do people think about this?

Right now, I can't have both:

	suffix "dc=foo,dc=com"


	suffix "dc=foo,dc=net"

easily in one database without redirection through a
referral server.

It seems to me that something like DNS's idea of the
"authoritative" concept is necessary.

Alternately, is anyone interested in working on a draft
to define the interaction of DNS SRV records (which do not
like to be used with a protocol without a per-protocol-RFC
on the subject) with LDAP?

In particular, it seems that it would be difficult to
require clients to forage for the base DN.

-- Terry Lambert
-- Whistle Communications, Inc., an I.B.M. Company
-- terry@whistle.com
This is formal notice under California Assembly Bill 1629, enacted
9/26/98 that any UCE sent to my email address will be billed $50
per incident to the legally allowed maximum of $25,000.