[Date Prev][Date Next]
Re: Multiple suffixes per server
Dave Horsfall wrote:
I don't think that is possible with OpenLDAP, but I'm willing to be
convinced otherwise; I've also been told that this called
"multi-mastering", but I know that that's the wrong term.
The realm of possibility is far greater than any one person can imagine...
Let's say that BigCorp.com (dc=BigCorp,dc=com) has just been taken over by
Cobber.com.au (dc=Cobber,dc=com,dc=au). As is the wont of ways like this,
both need to retain their corporate identities despite the hierarchy, with
the possibility of having the directory available to the public.Of course. A single slapd server can manage multiple databases, and each
database can have a suffix completely independent of the others. But
that's only a very crude beginning of a solution. For corporate mergers,
you eventually will want to be able to present a unified view of the two
separate hierarchies. E.g., you may want everything under
dc=BigCorp,dc=com to appear to be a subtree of dc=Cobber,dc=com,dc=au,
something like ou=BigCorp,dc=Cobber,dc=com,dc=au. OpenLDAP easily
supports this as well, through a variety of mechanisms. The simplest in
OpenLDAP 2.2 would be to use back-ldap with some rewrite rules to point
a subtree at the other. In OpenLDAP 2.3 there are even more efficient
ways to do it:
In other words, I need to serve "dc=BigCorp,dc=com" and
"dc=Cobber,dc=com,dc=au" side by side, on the one server. I can do it
with separate servers, but there is the need to inform client programs
just which server to use (DNS LDAP discovery and 2.3/HEAD?). I can also
run several SLAPD instances on the one server, but again there is the
problem of informing the client (which could be Joe Q. Public).
So, it is possible to run non-overlapping suffixes on one server?
relay dc=BigCorp,dc=com massage
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support