[Date Prev][Date Next]
Re: Existing AD, how to handle suffix for new OpenLDAP install?
--On Thursday, August 19, 2004 12:21 AM -0400 Jonathan Beasley
We currently have an Active Directory (W2k) domain for our organization,
with a DNS domain name "Enterprise.federation"
So, Active Directory LDAP service has a naming context of
We are moving our email services to qmail-ldap (good-bye Domino!), and I
am presently in the middle of installing an OpenLDAP (2.2.15) server on
one of my shiny, new IBM x335's (running Debian GNU/Linux Sarge 3.1).
Install went fine (well, eventually), but now I'm running into a question
that seems pretty straight-forward, but that I just cannot seem to locate
an answer for anywhere on the internet, or in my two LDAP books (LDAP
System Administration - Gerald Carter, and Implementing LDAP - Mark
Wilcox). The closest I came to a solid answer was here:
Anyway, my question (finally, sorry) is concerning the 'suffix' setting in
slapd.conf. The example in the file is:
which, in my case, would seem to be:
It doesn't have to be that, no. It could be your domain name, which I
thing is its intended purpose.
Like Stanford's is "dc=stanford,dc=edu" since we are the stanford.edu
domain. (DC=Domain Component, IIRC).
"But," surmised I, "wouldn't that step on the toes of my Active Directory
domain, since it is the very same LDAP naming context?"
Not necessarily. Are they going to talk to each other?
Can they share the same suffix?
Probably not if they talk to each other.
Must the new OpenLDAP directory suffix be a subset of the AD LDAP suffix?
Not if they don't talk to each other.
If the OpenLDAP suffix must be a subset of the AD suffix, do I just
arbitrarily pick something for the name of the first domain component of
this new FQDN? The last two domain components are taken from my DNS
Am I making this more difficult than it has to be? :)
I think so. But maybe not.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html