newbie problem getting suffixes and searches working

Greetings, all! I'm a relatively new user of OpenLDAP and I'm having a little
problem with a project I'm working on.

I'm setting up an LDAP server that will contain information for multiple
organizations. Each organization's tree should be separate so that they don't
appear to be branches of a larger directory, but I need to be able to search
across all of the branches:

dc=domain1.net			dc=domain2.net			dc=domain3.net
entries...			entries...			entries...

Now, in order to be able to add new top-level entries (i.e., to avoid the "no such
object" error), such as dc=domain4.net, I have to add a suffix line to my
slapd.conf file, as stated in the FAQ. That's fine and probably makes sense.
However, as soon as I have a suffix line that has anything other than "" in it,
I can't do a search across all of the domains. A very simple example might be
the search objectclass=*, for which, with the server configured for a suffix of "",
I'd get a listing of all of the entries in all three domains. With more specific
suffixes listed, I'd get an error of "no such object."

The only solution I can see is to have two sets of configuration files, one with
the suffix "" line, and one with each of the main branches listed as suffixes.
I'd normally run with the first config file, but when I need to add a new
branch, I'd have to stop the server, switch config files, add the new branch,
shut back down, and restart with the original config file.

Am I trying to do something that's impossible, or am I just missing something?
Hopefully it's not something staring me right in the face.

Thanks in advance for your assistance!

H. William Welliver / Intersil Corporation Mountain Top Systems 
email: hwellive@intersil.com / phone: 570.474.6761 x4445