
Re: Multiple domains searchable



I am currently doing exactly this: managing multiple domains, with each
domain in its own database.

Each domain's user information appears in a tree like:

ou=members,dc=foo,dc=com

ou=members,dc=bar,dc=com

etc.  Each of these suffixes is contained in its own separate backend
database.

In order to search for a particular user, I have another table which
contains pointers to the proper location in the user tables.
For instance:

user entry for bob@foo.com:

dn: mail=bob@foo.com,ou=members,dc=foo,dc=com
mail: bob@foo.com
uid: bob
cn: Bob Jones
userPassword: xyzzy
objectClass: Member

user entry for john@bar.com:

dn: mail=john@bar.com,ou=members,dc=bar,dc=com
mail: john@bar.com
uid: john
cn: John Smith
userPassword: xyzzy
objectClass: Member

And then we have the "pointer" entries, one entry for each user in all of
your domains.  All pointer entries go into a single database.

dn: mail=bob@foo.com,ou=authdomain,dc=xyz,dc=com
mail: bob@foo.com
authdn: ou=members,dc=foo,dc=com
objectClass: authEntry

dn: mail=john@bar.com,ou=authdomain,dc=xyz,dc=com
mail: john@bar.com
authdn: ou=members,dc=bar,dc=com
objectClass: authEntry

Then, to find any particular user's entry, look up first in xyz.com, get
the proper basedn from the authdn attribute, and then use that to look up
the final information.

What I REALLY want to be able to do is to make the pointer entries into
LDAP aliases.  That would tremendously simplify things because as I see
it, the LDAP server will then dereference the alias for you, and save you
from having to do two lookups.  However, I haven't been able to get
OpenLDAP to do this; I've beaten my head against it for days and I can't get
aliases to work.

So instead, I've had to make minor modifications to each of the clients to
make them do two lookups.

Kevin




On Mon, 29 Mar 2004, Lukas Kubin wrote:

> We are working on an e-mail solution for multiple domains, all contained
> in one LDAP server - multiple databases. We need the smtp server to be
> able to search for an e-mail address through all the domains in one
> query. I guess we need to only use one base for a search filter.
> How should we build our tree then?
> One idea I have is to create an additional object (dc=somecommonname)
> closest to root. Is the following a correct way?
>
> [ROOT]
> dc=somecommonname
> |-dc=company1,dc=com,dc=somecommonname
> |-dc=company2,dc=cz,dc=somecommonname
>
> Is there any other solution for this problem?
>
> Thanks
>
> --
> Lukas Kubin
>
> phone: +420596398275
> email: kubin@opf.slu.cz
>
> Information centre
> The School of Business Administration in Karvina
> Silesian University in Opava
> Czech Republic
> http://www.opf.slu.cz
>
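
The two-lookup procedure described in the reply above, as an added example that is not code from the original post or from OpenLDAP. It uses an in-memory dictionary in place of the LDAP server; the search() stand-in, the ALLOWED_BASES check and the filter escaping are assumptions added here, and the entries are the constructed ones from the message.

```python
# Added example: stands in for the separate backend databases (constructed data).
DIRECTORY = {
    "mail=bob@foo.com,ou=members,dc=foo,dc=com":
        {"mail": "bob@foo.com", "uid": "bob", "cn": "Bob Jones"},
    "mail=john@bar.com,ou=members,dc=bar,dc=com":
        {"mail": "john@bar.com", "uid": "john", "cn": "John Smith"},
    "mail=bob@foo.com,ou=authdomain,dc=xyz,dc=com":
        {"mail": "bob@foo.com", "authdn": "ou=members,dc=foo,dc=com"},
    "mail=john@bar.com,ou=authdomain,dc=xyz,dc=com":
        {"mail": "john@bar.com", "authdn": "ou=members,dc=bar,dc=com"},
}
POINTER_BASE = "ou=authdomain,dc=xyz,dc=com"
# Assumption: the client knows which subtrees a pointer may legitimately name.
ALLOWED_BASES = {"ou=members,dc=foo,dc=com", "ou=members,dc=bar,dc=com"}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so an address cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def mail_filter(mail):
    """Build the equality filter a client would send for this address."""
    return "(mail=%s)" % escape_filter_value(mail)


def search(base, flt):
    """Hypothetical stand-in for a subtree search: entries under base matching flt."""
    suffix = "," + base.lower()
    return [(dn, attrs) for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(suffix)
            and mail_filter(attrs.get("mail", "")).lower() == flt.lower()]


def resolve_user(mail):
    """Lookup 1 reads authdn from the pointer entry; lookup 2 searches that base."""
    flt = mail_filter(mail)
    pointers = search(POINTER_BASE, flt)
    if len(pointers) != 1:
        return None  # unknown address or ambiguous pointer
    authdn = pointers[0][1].get("authdn")
    if authdn not in ALLOWED_BASES:
        return None  # do not follow a pointer into an unexpected subtree
    hits = search(authdn, flt)
    return hits[0] if len(hits) == 1 else None
```

With a real server, search() would be replaced by the client library's subtree search using the same base and filter string.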