[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple DIT

To: openldap-technical@openldap.org
Subject: Re: multiple DIT
From: Patrick Laimbock <patrick@laimbock.com>
Date: Thu, 24 Jul 2014 14:00:56 +0200
Authentication-results: gatekeeper.mailguard.nl/0455C521150; dmarc=none header.from=laimbock.com
Authentication-results: gatekeeper.mailguard.nl; spf=pass smtp.mailfrom=patrick@laimbock.com
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=laimbock.com; s=default; t=1406203258; bh=IiVwS3pPe2Uzcz0cD25JoQfAQP+J88P4BK8hXcP7RXM=; h=Date:From:To:Subject:References:In-Reply-To; b=sggyWbUKM3a/T1jZJIAtIwQby3N7sRLCxP86y1EN5Femufo/ibExGUlougFwfjOqh S/lN0R2Qr+dGO8mjtObZnKXfum2/KHnNLdQ08VZ6pMNPCN60M+u+WTBqEHbULUQ5Jj 0/jnJBziEt100MMaqK4E9PbhA/Uj17K4MMig2R0+KhzMWr+NG4ZbaFKqaKVzrH91pD d8MzFNh3HG1TQBFE3mLbGafeEp0XIY/l3WL4bzQ8ix+11Md7DZDT3TiXsmbhViuAMU cKrWakP6ZXwMuiSmhu7erCbXETKcTyiU9m7VEiG9SvAdl4bWHMDQ2VC/6DLcWxfgG+ mrGoeQETLPKzw==
Dmarc-filter: OpenDMARC Filter v1.3.0 gatekeeper.mailguard.nl 0455C521150
In-reply-to: <53CFD6D3.1090706@cim.vipahealth.com>
References: <53CFC249.80403@cim.vipahealth.com> <20140723144634.GA4019@dan.olp.net> <53CFD6D3.1090706@cim.vipahealth.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

Hi Andres,

On 23-07-14 17:37, andres palomo wrote:


Hi Dan

as per your instructions
I added the olcSuffix

# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 c5bb4c92
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=com
olcSuffix: dc=net
olcSuffix: dc=net

I think they meant you can use olcSuffix: "" and then add dc=com,dc=net, dc=org subtrees. So I guess something like this:


dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: ""  <<-----
<plus the rest>

OR

Use separate backends for each dc=com, dc=net, dc=org suffixes. I thinkthat means you need to add a separate definition for each suffix. Sosomething like this:


dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap/COM  <<----- separate dir for dc=com
olcSuffix: dc=com  <<-----
<plus the rest>

dn: olcDatabase={2}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap/NET  <<----- separate dir for dc=net
olcSuffix: dc=net  <<-----
<plus the rest>

dn: olcDatabase={3}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {3}hdb
olcDbDirectory: /var/lib/ldap/ORG  <<----- separate dir for dc=org
olcSuffix: dc=org  <<-----
<plus the rest>

If I got it wrong I hope someone in the know will pitch in.

Finally, if you are going to do anything serious with OpenLDAP it hasbeen recommended repeatedly on this list that one should use the latestversion which currently is 2.4.39. And maybe think about using MDBinstead of HDB/BDB if you need better performance.


HTH,
Patrick

Follow-Ups:
- Re: multiple DIT
  - From: Howard Chu <hyc@symas.com>

References:
- multiple DIT
  - From: andres palomo <drpalomo@cim.vipahealth.com>
- Re: multiple DIT
  - From: Dan White <dwhite@olp.net>
- Re: multiple DIT
  - From: andres palomo <drpalomo@cim.vipahealth.com>

Prev by Date: Re: LMDB fragmentation problem (MDB_MAP_FULL)
Next by Date: Re: multiple DIT
Index(es):
- Chronological
- Thread