
Re: scope: global and local stuff in openldap



On Fri, Sep 19, 2003 at 11:02:41AM +0200, Dieter Kluenter wrote:
> > These global users would/could be located on a central ldap server,
> > at the main office, for example. First I thought about replicating this
> > global branch to each remote office. Any ideas?
> > Thanks.
> 
> What about running a central meta server which is just proxying your
> global users?

I'm sorry, I don't follow. You mean a meta server at the main site which
looks up the global users at the remote sites?

Anyway, here is what I did so far.

I created a "global" branch at the main server (at the main site). I then
replicate this branch to each remote site.

At the remote site I have two databases, one for the site itself and another
one for the replicated global part.

In order to have the local site "see" the global replicated part I set up
a referral so that searches starting at the local part get this referral and
also search the global part.


Main site:

       dc=company,dc=com
            /        \
           /          \ (other stuff specific to the main site)
       +---------+
       |ou=global|
       |  ...    | <- this branch is replicated to remote sites
       |  ...    |
       +---------+


Remote site:

    +------------------------------------------------------------------+
    |     database 1                         database 2                |
    |  +------------------------------+  +---------------------------+ |
    |  |ou=remote,dc=company,dc=com   |  |ou=global,dc=company,dc=com| |
    |  |        /       \             |  |       \                   | |
    |  |       /         \            |  |        \                  | |
    |  |      /           referral -->|  |       ...                 | |
    |  |  ou=people       to local    |  |       ...                 | |
    |  | (stuff specific   global copy|  +---------------------------+ |
    |  |  to "ou=remote")             |                                |
    |  +------------------------------+                                |
    +------------------------------------------------------------------+

With this setup, users at the remote site can see the global part without traversing
the WAN link, and changes to the global part are replicated to each remote site.

Comments?
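One way to express the remote-site half of this setup in slapd.conf plus the referral entry, as an added example that is not part of the original thread; hostnames, the replication DN, directory paths and the schema include paths are assumptions:

```conf
# --- slapd.conf on the remote-site server (slurpd-era replication) ---
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema

# Database 1: entries specific to this site, writable locally.
database        bdb
suffix          "ou=remote,dc=company,dc=com"
rootdn          "cn=manager,ou=remote,dc=company,dc=com"
# placeholder: put a real password hash here
rootpw          {SSHA}REPLACE-WITH-A-REAL-HASH
directory       /var/lib/ldap/remote
index           objectClass,uid eq
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by * read

# Database 2: read-only copy of the global branch pushed from the main site.
# The rootdn doubles as the updatedn, so it is the only identity slapd lets
# write here; every other write attempt is answered with a referral to the
# master given in updateref (assumed hostname).
database        bdb
suffix          "ou=global,dc=company,dc=com"
rootdn          "cn=replica,dc=company,dc=com"
rootpw          {SSHA}REPLACE-WITH-A-REAL-HASH
directory       /var/lib/ldap/global
index           objectClass,uid eq
updatedn        "cn=replica,dc=company,dc=com"
updateref       ldap://master.company.com/
access to attrs=userPassword
        by anonymous auth
        by * none
access to *
        by * read

# --- referral.ldif: loaded into database 1 so that searches scoped under
# ou=remote also reach the local copy of the global branch (assumed hostname) ---
dn: ou=global,ou=remote,dc=company,dc=com
objectClass: referral
objectClass: extensibleObject
ou: global
ref: ldap://ldap.remote.company.com/ou=global,dc=company,dc=com
```

A subtree search under ou=remote now returns a search reference for the global copy, which the client has to chase (for ldapsearch, the -C option); since many clients chase references with an anonymous bind, the ACLs on the global copy should be written for anonymous readers.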