
Re: how to extend a remote database with local entries ?



Hi,

Oren Laadan <orenl@cs.columbia.edu> writes:

> Hi,
>
> I want to set up a local ldap server for my team that will extend a remote
> ldap server (whose database is inaccessible to me and I cannot simply
> replicate) with a small number (less than 100) of new (local) entries.
> For example, the local server may add entries for new users only in my
> team, but also support authentication of all users in the remote server.
>
> I tried to use back-meta, which seems most suitable for merging data
> from multiple targets. Assume the DN base is "dc=EXAMPLE,dc=COM",
> which is what the clients use.
>
> To set it up, I used the following config snippets:
>
> ...
> moduleload      back_ldap
> moduleload      back_meta
> moduleload      back_bdb
> ...
> backend         bdb
> backend         meta
> ...
> # bdb backend, with a "local" DN base different than the main one
> # not intended to serve clients, but to serve the meta backend only
> database        bdb
> suffix          "dc=TMP,dc=EXAMPLE,dc=COM"
> readonly        on
> ...
> # meta backend, with the right DN base, serving the clients
> database        meta
> lastmod         off
> suffix          "dc=EXAMPLE,dc=COM"
> uri             "ldaps://REMOTE_SERVER/dc=EXAMPLE,dc=COM"
> uri             "ldaps:///dc=TMP,dc=EXAMPLE,dc=COM"
> suffixmassage   "dc=EXAMPLE,dc=COM" "dc=TMP,dc=EXAMPLE,dc=COM"
> ...

Declare back-bdb as subordinate to back-meta. Something like

database bdb
suffix dc=tmp,dc=example,dc=com
...
subordinate


database meta
suffix dc=example,dc=com
uri ...
uri ...


-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
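
Added example, not part of the original message or of OpenLDAP: a small Python check for the layout suggested in the reply, which reads a slapd.conf and reports nested suffixes that are declared in the wrong order or lack `subordinate`. It relies on the slapd.conf(5) rule that a database whose suffix lies inside another's must come first in the file; the function names and the `SAMPLE` text are constructed for illustration, and `REMOTE_SERVER` is the placeholder used in the question.

```python
# Constructed sample mirroring the layout in the reply (not a complete config).
SAMPLE = '''\
database bdb
suffix "dc=TMP,dc=EXAMPLE,dc=COM"
subordinate

database meta
suffix dc=example,dc=com
uri "ldaps://REMOTE_SERVER/dc=EXAMPLE,dc=COM"
'''

def norm_dn(dn):
    """Lower-case a DN and drop spaces around RDN separators for comparison."""
    return ",".join(p.strip().lower() for p in dn.strip('"').split(","))

def parse_databases(text):
    """Return one dict per 'database' section: backend, suffixes, subordinate flag."""
    dbs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "database":
            dbs.append({"backend": arg, "suffixes": [], "subordinate": False})
        elif dbs and key == "suffix":
            dbs[-1]["suffixes"].append(norm_dn(arg))
        elif dbs and key == "subordinate":
            dbs[-1]["subordinate"] = True
    return dbs

def check_glue(text):
    """List problems with nested suffixes: ordering and missing 'subordinate'."""
    dbs, problems = parse_databases(text), []
    for i, inner in enumerate(dbs):
        for j, outer in enumerate(dbs):
            for s in inner["suffixes"]:
                for o in outer["suffixes"]:
                    if s.endswith("," + o):  # s is strictly inside o
                        if i > j:
                            problems.append(f"{s}: must be declared before {o}")
                        if not inner["subordinate"]:
                            problems.append(f"{s}: not marked subordinate to {o}")
    return problems
```
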