Re: Distributed LDAP
> Hi all,
> We're trying to set up a distributed LDAP service and I haven't found
> comprehensive documentation on how to accomplish that. Any link to such
> I've got some questions that were answered in this thread:
> However, that thread is 5 years old and maybe things have changed since those
> days. So, I'll repeat some of them. First of all, the scenario: we've got
> servers (oneserver and otherserver). "oneserver" suffix is
> "dc=my-domain,dc=com" and we wanna delegate
> to "otherserver".
> 1) The suffix in oneserver is "dc=my-domain,dc=com". Is it mandatory for the suffix in
> "otherserver" to be "ou=People,dc=my-domain,dc=com"?
No; the suffix must be a superior of "ou=People,dc=my-domain,dc=com", so
"ou=People,dc=my-domain,dc=com", "dc=my-domain,dc=com", "dc=com" and ""
would be fine.
> 2) How is authentication accomplished in "otherserver"? Suppose that I use
> "user" "cn=proxyuser,dc=my-domain,dc=com" to bind to "oneserver". If I
> on "dc=my-domain,dc=com" and the entry I'm looking for is in
> how does 'oneserver' know which binddn it must use? Is the client the responsible
> knowing about it?
Yes. See ldap_set_rebind_proc() (undocumented AFAIK, sorry); example code
is available in back-ldap/bind.c
> Ok, I guess that implementing a distributed LDAP service is easier than
> understanding my message with my poor English skills ;-) Sorry!
Yes it's supposed to be, but I think you were clear enough ;)
In HEAD/2.3 there's some (silly) example in test032.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
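
Added example (not part of the original message and not taken from OpenLDAP's sources): because the client is responsible for choosing the bind identity when it follows a referral, this C code selects credentials from the referral URL's host and falls back to anonymous for servers it does not know, so the proxy user's password is not replayed to an arbitrary referred host. The credential table, the placeholder secrets, the "otherserver" bind DN and the function names `url_host` and `cred_for_referral` are assumptions; registering a callback with ldap_set_rebind_proc() is left out so the block builds without libldap.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data: one bind identity per server we trust. */
struct rebind_cred { const char *host, *binddn, *secret; };
static const struct rebind_cred CREDS[] = {
    { "oneserver",   "cn=proxyuser,dc=my-domain,dc=com",           "placeholder-1" },
    { "otherserver", "cn=proxyuser,ou=People,dc=my-domain,dc=com", "placeholder-2" },
};

/* Copy the host of an ldap:// or ldaps:// URL into out. Returns 0 on success. */
int url_host(const char *url, char *out, size_t outlen)
{
    const char *p;
    size_t n;

    if (strncasecmp(url, "ldap://", 7) == 0)       p = url + 7;
    else if (strncasecmp(url, "ldaps://", 8) == 0) p = url + 8;
    else return -1;                 /* not an LDAP URL */
    n = strcspn(p, ":/?");          /* host ends at port, DN or query */
    if (n == 0 || n >= outlen) return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Credential for the server a referral points at, or NULL when the host is
 * unknown. NULL means "bind anonymously": never replay a password there. */
const struct rebind_cred *cred_for_referral(const char *url)
{
    char host[256];
    size_t i;

    if (url == NULL || url_host(url, host, sizeof host) != 0) return NULL;
    for (i = 0; i < sizeof CREDS / sizeof CREDS[0]; i++)
        if (strcasecmp(host, CREDS[i].host) == 0) return &CREDS[i];
    return NULL;
}

int main(void)
{
    const char *urls[] = { "ldap://otherserver/ou=People,dc=my-domain,dc=com",
                           "ldap://unknown.example/dc=com" };
    for (size_t i = 0; i < 2; i++) {
        const struct rebind_cred *c = cred_for_referral(urls[i]);
        printf("%s -> %s\n", urls[i], c ? c->binddn : "(anonymous)");
    }
    return 0;
}
```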