
Re: searching multiple rootDNs

At 12:28 PM 9/22/00 +0200, Arvid Requate wrote:
>Some days ago I asked if it is possible to search a DIT having several
>root-nodes. Randy Kunkee pointed out that I made a typo in my example,
>so I refine my question:
>I think of having the login information of several domains in one LDAP server,
>each domain having its own root-DN in DC-style, like:
>I'm doing this on openLDAP 2.04 and it just returns the rootDSE when doing
>ldapsearch -x -b '' -s sub '(objectclass=*)'

With subtree scope, it shouldn't return the Root DSE...

>In some posting in the archives someone proposed a base-search with
>searchbase of "cn=config" to find out all rootDNs and then search each one
>separately, but this doesn't work.

"cn=config" is a 1.2'ism...  OpenLDAP 2.0 provides the same functionality
via the root DSE.

ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts

>Do I need one common root to be able to do a global search ?

You create a namingContext which contains named
referral objects referring to the other namingContexts.
For example, add to the suffix "dc=example,dc=org":
        dn: dc=example,dc=org
        dc: example
        o: example
        objectclass: organization
        objectclass: dcObject

        dn: ou=foo,dc=example,dc=org
        ref: ldap://host/ou=foo,dc=example,dc=org
        objectclass: referral
        objectclass: extensibleObject

        dn: ou=bar,dc=example,dc=org
        ref: ldap://host/ou=bar,dc=example,dc=org
        objectclass: referral
        objectclass: extensibleObject

Then a subtree search for "dc=example,dc=org" will return the
entry "dc=example,dc=org" plus 2 search continuations containing
the above referrals.

Doing this for "" instead of "dc=example,dc=org" doesn't
work as back-ldbm doesn't handle suffix "" well.  (Note:
if back-ldbm did handle this, you actually won't add an
entry DSE named "").
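
The two-step approach discussed in this message (read namingContexts from the root DSE, then search each context separately), as an added shell example that is not part of the original post. The function names and the `ldap://host` style URI argument are assumptions; `-H` and `-LLL` are standard OpenLDAP `ldapsearch` options that the post itself does not use.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Read LDIF on stdin and print every namingContexts value, one per line.
# Unfolds LDIF continuation lines (leading single space) and decodes
# base64 values written as "attr:: <base64>".
naming_contexts() {
    awk '
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | while IFS= read -r line; do
        case "$line" in *:*) ;; *) continue ;; esac
        # Attribute names are case-insensitive.
        name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
        [ "$name" = namingcontexts ] || continue
        rest=${line#*:}
        case "$rest" in
            :*) val=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d) ;;
            *)  val=${rest#"${rest%%[! ]*}"} ;;   # drop leading spaces
        esac
        # Skip an empty value (suffix ""); the reply notes back-ldbm
        # handles that suffix poorly.
        if [ -n "$val" ]; then printf '%s\n' "$val"; fi
    done
}

# Run one subtree search per naming context advertised in the root DSE.
# $1 = server URI (assumed, e.g. ldap://host), $2 = filter (optional).
search_all() {
    uri=$1
    filter=${2:-"(objectclass=*)"}
    ldapsearch -x -LLL -H "$uri" -b '' -s base '(objectclass=*)' namingContexts |
        naming_contexts |
        while IFS= read -r base; do
            printf '# base: %s\n' "$base"
            ldapsearch -x -LLL -H "$uri" -b "$base" -s sub "$filter" </dev/null
        done
}

# Only contact a server when a URI is given on the command line.
if [ "$#" -ge 1 ]; then
    search_all "$@"
fi
```
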