[Date Prev][Date Next] [Chronological] [Thread] [Top]

Existing AD, how to handle suffix for new OpenLDAP install?


We currently have an Active Directory (W2k) domain for our organization, with a
DNS domain name "Enterprise.federation"
So, Active Directory LDAP service has a naming context of

We are moving our email services to qmail-ldap (good-bye Domino!), and I am
presently in the middle of installing an OpenLDAP (2.2.15) server on one of my
shiny, new IBM x335's (running Debian GNU/Linux Sarge 3.1).

Install went fine (well, eventually), but now I'm running into a question that
seems pretty straight-forward, but that I just cannot seem to locate an answer
for anywhere on the internet, or in my two LDAP books (LDAP System
Administration - Gerald Carter, and Implementing LDAP - Mark Wilcox).  The
closest I came to a solid answer was here:

Anyway, my question (finally, sorry) is concerning the 'suffix' setting in
slapd.conf.  The example in the file is:

suffix      "dc=my-domain,dc=com"

which, in my case, would seem to be:

suffix      "dc=Enterprise,dc=federation"

"But," surmised I, "wouldn't that step on the toes of my Active Directory
domain, since it is the very same LDAP naming context?"

Would it?
Can they share the same suffix?
Must the new OpenLDAP directory suffix be a subset of the AD LDAP suffix? e.g.

suffix      "dc=openldap,dc=Enterprise,dc=federation"

If the OpenLDAP suffix must be a subset of the AD suffix, do I just arbitrarily
pick something for the name of the first domain component of this new FQDN? The
last two domain components are taken from my DNS domain name.

Am I making this more difficult than it has to be? :)

BTW - we are planning to use OpenLDAP for more than just the qmail-ldap

I would be very grateful if someone would help me understand this a little

Thanks much!