> Hello all, > > I'm been working with OpenLDAP in a metadirectory configuration -- I'm > using it to provide a merged view of two organization LDAP servers, > along with a local database to support "external collaborators" (that > is, people not otherwise affiliated with our organization). In my > limited testing it seems to be working reasonably well, but I'm not > sure I completely understand all the components. For example, I'm > unsure of the difference between this: > > database meta > > uri ldap://serverA.example.com/ou=A,o=organization > uri ldap://serverB.example.com/ou=B,o=organization > # ...necessary suffix massaging... > > database hdb > suffix o=organization > > And this: > > database ldap > subordinate > suffix ou=A,o=organization > uri ldap://serverA.example.com > # ...rewriting... > > database ldap > subordinate > suffix ou=B,o=organization > uri ldap://serverB.example.com > # ...rewriting... > > database hdb > suffix o=organization > > Both seem to provide the same behavior; a search against > o=organization will search all three directories. Is either > configuration preferable? Is one backend considered more stable than > the other? is there some subtle difference in behavior that I'm > missing? I'd appreciate your input. slapd-ldap(5) and slapd-meta(5) share some of the code. slapd-ldap(5) is usually few features ahead of slapd-meta(5). In general, slapd-meta(5) supports between 90 and 99% of the features of slapd-ldap(5). The main difference between the two setups you mentioned is in long searches that span multiple targets. Slapd-meta(5) operates in parallel, i.e. searches are spawn simultaneously on all pertinent targets, and results are dealt with as soon as they come in. In a glued database layout, searches are performed sequentially. This has nearly no impact for local storage, while it can have a significant impact in the case of proxied remote targets. p.