Re: A question about search bases.
On Sat, Nov 22, 2003 at 10:34:15AM -0700, Rick Stewart wrote:
> I'd like to have separate LDAP trees for each domain --
> dc=domain1,dc=com; dc=domain2,dc=org -- is there a way to search all the
> trees at once? I've perused the documentation, but it seems as though
> I'm the only one who wants to do such a thing.

If all your trees reside in the same LDAP server then you might
be able to specify NULLDN (an empty string) as the search base on a
subtree search. This will prevent you from linking to any other LDAP
servers though, so it is not a completely future-proof solution.

Slightly safer idea: put all the trees under a common root. Thus, if
you are bigisp.com you might use ou=customers,dc=bigisp,dc=com which
would give you entries like this:

    dc=domain1,dc=com,ou=customers,dc=bigisp,dc=com
    dc=domain2,dc=org,ou=customers,dc=bigisp,dc=com

You still have to keep all the data in a single LDAP server if you
want quick search results, but at least you are not creating namespace
conflicts that would prevent you from linking up to a global LDAP
service in future. (I run a multi-domain mail service that uses this
structure)

A better solution might be to have the client programs search first
for a list of valid search bases and then issue one search under each.
It all depends on the application - e.g. is white-pages lookup for
presentation to people the most important thing, or is this really a
backend database to drive your mail system.

Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
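
The following is an added example, not part of the original message or of any code from its author. It sketches how a client could derive search bases for the common-root layout described above and plan one search per base, while keeping untrusted domain names and lookup values from altering the DN or the filter. The `mail` attribute and all function names are assumptions; the returned (base, filter) pairs would be passed to whatever LDAP client library is in use.

```python
import re

# Common root taken from the message's example; "mail" as lookup attribute is an assumption.
COMMON_ROOT = "ou=customers,dc=bigisp,dc=com"

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def domain_to_base(domain, root=COMMON_ROOT):
    """Map 'domain1.com' to 'dc=domain1,dc=com,<root>'.

    Only strict DNS labels are accepted, so characters that are special in a
    DN (',', '+', '=', '\\', ...) can never reach the search base.
    """
    labels = domain.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(_LABEL.fullmatch(l) for l in labels):
        raise ValueError(f"not a valid domain name: {domain!r}")
    return ",".join(f"dc={l}" for l in labels) + "," + root


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def plan_mail_lookup(address, root=COMMON_ROOT):
    """Return (base, filter) for a subtree search confined to one domain's tree."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local:
        raise ValueError(f"not a mail address: {address!r}")
    return domain_to_base(domain, root), f"(mail={escape_filter_value(address)})"


def plan_searches(domains, attr, value, root=COMMON_ROOT):
    """One (base, filter) pair per domain: the 'one search under each base' approach."""
    if not _ATTR.fullmatch(attr):
        raise ValueError(f"not a valid attribute name: {attr!r}")
    flt = f"({attr}={escape_filter_value(value)})"
    return [(domain_to_base(d, root), flt) for d in domains]


if __name__ == "__main__":
    # Constructed sample input.
    print(plan_mail_lookup("rick@domain1.com"))
    for base, flt in plan_searches(["domain1.com", "domain2.org"], "cn", "Rick*"):
        print(base, flt)
```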