[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Split attributes across servers

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Steve Sullivan

> Hi,
> We'd like to have two servers, each containing part of the
> attributes of a given dn.  For example,
> for a given dn: uid=babs,ou=people,dc=example,dc=org
> the server: ldap://public_server
> would contain the public info for babs, say:  uid, sn, cn, title
> and the server: ldap://secure_server
> would contain the private info for babs, say: homePhone, jpegPhoto
> We want some users only to see the public info,
> which is easy with the standard LDAP auth mechanisms.
> But we want other users to see ALL the attributes,
> public and secure, as a single integrated record.
> Is there a way to integrate these two servers so they
> could return a single record with ALL the attributes?

The function you want is usually a feature of a meta-directory service. This
feature is not currently present in OpenLDAP.

> The reason is that different institutions will host the
> servers, and the secure server folks don't want to manage the
> public info, and the public server folks don't want to know
> the secure info.

> Is there a way to do this?  I read over the the docs on slurpd,
> but didn't see one.

In OpenLDAP 2.2 a read-only service can easily be created by overlaying
back-ldap on top of a local database backend (or another back-ldap instance,
for that matter). The overlay would issue any received search requests to
both the underlying backends and merge the results before sending them to the
client. Supporting writes/updates would require a bit more work, defining the
schema elements that are contributed by each partition. Note - no such
overlay code exists at the moment, but it wouldn't take much effort to write

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support