
Re: searching over multiple DNs

Ben wrote:

I've got a couple different suffixes, like so:

database dbd
suffix   "dc=foo,dc=com"

database dbd
suffix   "dc=bar,dc=net"

Each one is populated, and I can search for entries just fine if I use a
proper basedn like so:

ldapsearch -x -b 'dc=foo,dc=com' '(mail=bench@foo.com)'
ldapsearch -x -b 'dc=bar,dc=net' '(mail=bench@foo.net)'

Okay, so what I want to do is to make one search that searches across all my suffixes. I saw some stuff out there indicating this was possible if I just search the root of the LDAP tree, which I would think would mean giving the -b option a null string (-b ''). But that returns no results.

That's used for something else.

Like I said, I'm new to LDAP, so the analogy in my head is that the LDAP
database is sorta like a Unix directory tree. While I can currently search
for /dc=foo,dc=com/bench or /dc=bar,dc=net/bench, I want to search for
/*/bench. Does that make sense? Is that possible?

You still have to define what's at the top of the tree. X.500 and LDAP are designed for world-wide databases.

I rather think of it as like DNS. There is no ultimate TLD in DNS, as there is a / directory in Unix. And even then the analogy would be wrong, since / could be on different hosts. Actually, that's not quite true - Novell's eDirectory makes provision for an ultimate TLD, but X.500 doesn't.

What is your ultimate aim? If it's searching for mail=bench@foo.com and mail=bench@foo.net, Postfix and Exim people, for example, do that with OpenLDAP every day (virtual domains). But it's all done within a single tree, using a different approach.


Tony Earnshaw

Among the bigwigs I can hardly feel at ease; among equals I am most content

Mail: billy@billy.demon.nl
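
Added example, not part of the original message: a base-scope search with an empty base DN reads the server's root DSE, whose namingContexts attribute lists the configured suffixes, so a script can run the same filter under each one. It assumes OpenLDAP client tools, an anonymous simple bind as in the post, and ACLs that allow reading the root DSE; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Read root DSE LDIF on stdin and print one suffix DN per line.
# Handles LDIF line folding (continuation lines begin with a single space).
# Base64-encoded values ("namingContexts:: ...") are skipped, not decoded.
parse_naming_contexts() {
    awk '
        function emit() {
            if (tolower(cur) ~ /^namingcontexts: /) print substr(cur, 17)
            cur = ""
        }
        /^ / { cur = cur substr($0, 2); next }   # folded continuation line
             { emit(); cur = $0 }                # new attribute line
        END  { emit() }
    '
}

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# user-supplied input cannot change the structure of the filter.
# The backslash is escaped first so later escapes are not escaped again.
escape_filter_value() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Search every advertised suffix for one mail address ($1).
search_all_suffixes() {
    value=$(escape_filter_value "$1")
    # Scope "base" with an empty base DN addresses the root DSE.
    # namingContexts is operational, so it must be requested by name.
    ldapsearch -x -LLL -s base -b '' '(objectClass=*)' namingContexts |
        parse_naming_contexts |
        while IFS= read -r base; do
            ldapsearch -x -LLL -b "$base" "(mail=$value)"
        done
}

# Run only when an address is given, e.g.: sh search-all.sh bench@foo.com
if [ "$#" -gt 0 ]; then
    search_all_suffixes "$1"
fi
```

Each suffix is still searched separately; the script only automates the per-suffix searches from the original post.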