[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Referrals



Hi,

Or Goshen a Ãcrit :
> Hello
> 
> I have the following situation and would like to know your opinion on
> the matter:
> 
> I have 2 slapd servers A and B, both require simple authentication and
> are not open for anonymous access.
> What I would like to do is setup a node on A that would reference the
> root of B and would allow me to perform read/write to it.
> 
> I tried so far:
> 
> 1. Setup a "referral" objectClass on A in the following manner:
> 
> dn: dc=B,ou=Subservers,dc=example,dc=com
> dc: B
> objectClass: referral
> objectClass: extensibleObject
> ref: ldap://B/dc=example,dc=com
> 
> That didnt work since B requires authentication. So I tried this:
> 
> dn: dc=B,ou=Subservers,dc=example,dc=com
> dc: B
> objectClass: referral
> objectClass: extensibleObject
> ref:
> ldap://??B??!bindname=cn=Manager%2cdc=example%2cdc=com/dc=example,dc=com
> 
> Didnt work either (authentication extension not supported ?).
> 
> 2. slapd apparently supports an "ldap" backend/database. Problem is that
> there is no real documentation here
> <http://www.openldap.org/doc/admin24/slapdconf2.html> or here
> <http://www.openldap.org/doc/admin24/slapdconfig.html> on how to set
> them up. Anybody ever setup such a database/backend ? does it support
> authentication ? any examples I can take a look at ?

You'll find information on about the ldap backend in the FAQ:
http://www.openldap.org/faq/data/cache/532.html

I have used them quite a few times, either back-ldap or back-meta. They
both support authentication.

> I dont want to replication B on A, I just want to act as a proxy.

Proxy is definitely the way to go, using rewrite to integrate your B
server in A's tree (see man slapo-rwm).

Regards,
Jonathan
-- 
Jonathan Clarke

Cellule OSSA - Groupe LINAGORA
27 rue de Berri, 75008 Paris
TÃl: 01 58 18 68 28, fax: 01 58 18 68 29
http://www.linagora.com - http://www.08000linux.com