[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Separate trees openldap
- To: openldap-technical@openldap.org
- Subject: Re: Separate trees openldap
- From: Dieter Klünter <dieter@dkluenter.de>
- Date: Mon, 30 Apr 2018 10:10:51 +0200
- In-reply-to: <CAKv0VtJEcA-gHyz0qsGYQrKKUcCQxWA+MHhVmshTFibunNRu=g@mail.gmail.com>
- Organization: AVCI
- References: <CAKv0VtJEcA-gHyz0qsGYQrKKUcCQxWA+MHhVmshTFibunNRu=g@mail.gmail.com>
Am Thu, 26 Apr 2018 09:33:56 -0300
schrieb seguranca informacao <cerberus.seginfo@gmail.com>:
> Hi guys,
>
> I'm trying to accomplish a configuration that I'm not aware of. I
> need to replicate several directories (AD, openldap, etc) to a unique
> repository (my openldap). The thing is I need to have completely
> separate trees for each domain (client). Any ideas in how to do that?
> bellow is an example what I'm thinking of:
>
>
> dc=example,dc=com
> cn=users
> cn=groups
>
> ------------------------------ complete separation
> dc=domain,dc=com
> cn=users
> cn=groups
>
> ------------------------------ complete separation
> dc=test,dc=ca
> cn=users
> cn=groups
>
> ------------------------------ complete separation
make use of slapd-ldap(5), slapd-relay(5) and slapo-rwm(5)
something like:
database ldap
suffix dc=test,dc=ca
...
database relay
suffix dc=test,dc=example,dc=com
relay dc=test,dc=ca
overlay rw
rwm-suffixmassage "dc=test,dc=example,dc=com" "dc=test,dc=ca"
subordinate
database mdb
suffix dc=example,dc=com
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E