
Re: RFC 3088



At 04:31 AM 2002-06-24, GG Noris wrote:
>Hello to all.
>
>I need an LDAP configuration to store different domains and different
>users for these domains, and if it is possible I need to use LDAP to store my
>DNS Records for the domains. In this configuration I need to do a
>complete search with a single common basedn on all domains ( for
>qmail-ldap ).
>
>I have read the rfc 3088 and it tells to use a "dc=." to glue all
>domains ( if I have understood correctly !!! ) .

No, it says that the owner of the root domain may use dc=.
as their LDAP naming prefix and, if so, DNS SRV records
for this DN would be available directly under the root
domain, e.g. "_ldap._tcp.".

RFC 3088 specifically says that the introduction of dc=.
is not intended to create another DC naming hierarchy.
That is, "example.com" maps to "DC=example,DC=com" not
"DC=example,DC=com,DC=.".

>The question is: is this the best method ??

RFC 3088 is about how to locate DNs based upon
information held in DNS.  RFC 2247 is about providing
a global LDAP name space based upon DNS names.

Neither RFC is about storing information about domains.

>And if yes, is it possible for
>me to use openldap configured with a single database for every single domain ??

If you wanted to.

>Is this correct or is there a much better method ???

Well, I suggest you create an OU under YOUR naming suffix
to hold DNS information about your customers.  So, for
example, your DNS information about your customer's example.com
network could be held in:
        dc=example,dc=com,ou=hosted domains,dc=pclinx,dc=it
        
Kurt
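
The mappings discussed in this message, as an added example that is not part of the original post: a domain name to its dc= DN, a customer's domain placed under the operator's own suffix, and the SRV name for a dc-only DN. Function names are hypothetical; the container and suffix defaults are the ones from the reply, and labels are validated so a customer-supplied name cannot inject extra RDNs.

```python
import re

# Hostname label rule: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def domain_to_rdns(domain):
    """Split a DNS name into validated dc= RDNs: example.com -> ['dc=example', 'dc=com']."""
    labels = domain.rstrip(".").split(".")
    for label in labels:
        if not _LABEL.fullmatch(label):
            # Rejecting here keeps DN metacharacters (',', '=', '+') out of the DN.
            raise ValueError(f"invalid DNS label: {label!r}")
    return [f"dc={label.lower()}" for label in labels]

def domain_to_dn(domain):
    """example.com -> dc=example,dc=com, with no trailing dc=. component."""
    return ",".join(domain_to_rdns(domain))

def hosted_dn(customer_domain, container="ou=hosted domains", suffix="dc=pclinx,dc=it"):
    """Entry for a customer's domain under the operator's own naming suffix."""
    return ",".join(domain_to_rdns(customer_domain) + [container, suffix])

def srv_name(dn):
    """DNS name to query for SRV records that locate the server for a dc-only DN."""
    if dn.strip().lower() == "dc=.":
        return "_ldap._tcp."  # root-domain case described in the message
    labels = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.lower() != "dc" or not _LABEL.fullmatch(value):
            # A DN with non-dc RDNs (such as the hosted-domain entry) has no DNS mapping.
            raise ValueError(f"not a dc-only DN: {dn!r}")
        labels.append(value.lower())
    return "_ldap._tcp." + ".".join(labels) + "."

if __name__ == "__main__":
    print(domain_to_dn("example.com"))
    print(hosted_dn("example.com"))
    print(srv_name("dc=example,dc=com"))
    print(srv_name("dc=."))
```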