
Re: Distributed LDAP



> Hi all,
>
> We're trying to set up a distributed LDAP service and I haven't found
> comprehensive documentation on how to accomplish that. Any link to such
> documentation?
>
> I've got some questions that were answered in this thread:
> http://www.openldap.org/lists/openldap-software/200001/msg00031.html
>
> However, that thread is 5 years old and maybe things have changed since
> those days. So, I'll repeat some of them. First of all, the scenario: we've
> got two servers (oneserver and otherserver). "oneserver" suffix is
> "dc=my-domain,dc=com" and we wanna delegate "ou=People,dc=my-domain,dc=com"
> to "otherserver".
>
> 1) suffix in oneserver is "dc=my-domain,dc=com". Is it mandatory for the
> suffix in "otherserver" to be "ou=People,dc=my-domain,dc=com"?

No; the suffix must be a superior of "ou=People,dc=my-domain,dc=com", so
"ou=People,dc=my-domain,dc=com", "dc=my-domain,dc=com", "dc=com" and ""
would be fine.

>
> 2) How is authentication accomplished in "otherserver"? Suppose that I use
> a "user" "cn=proxyuser,dc=my-domain,dc=com" to bind to "oneserver". If I
> query on "dc=my-domain,dc=com" and the entry I'm looking for is in
> "otherserver", how does 'oneserver' know which binddn it must use? Is the
> client responsible for knowing about it?

Yes.  See ldap_set_rebind_proc() (undocumented AFAIK, sorry); example code
is available in back-ldap/bind.c

>
> Ok, I guess that implementing a distributed LDAP service is easier than
> understanding my message with my poor English skills ;-) Sorry!

Yes it's supposed to be, but I think you were clear enough ;)
In HEAD/2.3 there's some (silly) example in test032.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
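
Added example, not part of the original message and not OpenLDAP's own code: since the client decides which bind DN to present when it chases a referral, a rebind callback should pick credentials per target host and refuse hosts it does not know, so a referral to an unexpected server never receives the proxy user's password. The allow-list, password and `USE_LIBLDAP` macro are constructed for illustration, and the callback prototype is assumed to match the one declared in OpenLDAP's `ldap.h`.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed allow-list: the only servers this client will send a bind to. */
struct rebind_cred { const char *host, *binddn, *passwd; };
static const struct rebind_cred creds[] = {
    { "otherserver", "cn=proxyuser,dc=my-domain,dc=com", "placeholder-secret" },
};

/* Map a referral URL to credentials; NULL means "do not authenticate". */
const struct rebind_cred *cred_for_url(const char *url)
{
    const char *p;
    size_t i, n;
    if (strncasecmp(url, "ldaps://", 8) == 0) p = url + 8;
    else if (strncasecmp(url, "ldap://", 7) == 0) p = url + 7;
    else return NULL;
    n = strcspn(p, ":/?");              /* host ends at port, DN or query */
    for (i = 0; i < sizeof creds / sizeof creds[0]; i++)
        if (strlen(creds[i].host) == n && strncasecmp(p, creds[i].host, n) == 0)
            return &creds[i];
    return NULL;                        /* unknown host: fail closed */
}

#ifdef USE_LIBLDAP                      /* build: cc -DUSE_LIBLDAP ... -lldap -llber */
#include <ldap.h>
/* Called by libldap when it opens a connection to chase a referral. */
int rebind_cb(LDAP *ld, LDAP_CONST char *url, ber_tag_t request,
              ber_int_t msgid, void *params)
{
    const struct rebind_cred *c = cred_for_url(url);
    struct berval pw;
    (void)request; (void)msgid; (void)params;
    if (c == NULL)
        return LDAP_INAPPROPRIATE_AUTH; /* refuse to bind to this server */
    pw.bv_val = (char *)c->passwd;
    pw.bv_len = strlen(c->passwd);
    return ldap_sasl_bind_s(ld, c->binddn, LDAP_SASL_SIMPLE, &pw, NULL, NULL, NULL);
}
/* Install once after ldap_initialize(): ldap_set_rebind_proc(ld, rebind_cb, NULL); */
#endif

int main(void)
{
    const char *u = "ldap://otherserver/ou=People,dc=my-domain,dc=com";
    const struct rebind_cred *c = cred_for_url(u);
    printf("%s -> %s\n", u, c ? c->binddn : "(no bind)");
    return 0;
}
```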