[Date Prev][Date Next]
Re: subordinate referrals for an OpenLDAP->AD
- To: "Shahzad, Saleem" <ShahzadS@csps.com>
- Subject: Re: subordinate referrals for an OpenLDAP->AD
- From: Robert Petkus <firstname.lastname@example.org>
- Date: Fri, 30 Sep 2005 11:55:02 -0400
- Cc: OpenLDAP software list <openldap-software@OpenLDAP.org>
- In-reply-to: <0742ACF7121C064FABA7F16A2FCBFA0504C6BF94@luke04.genesis.csps.com>
- References: <0742ACF7121C064FABA7F16A2FCBFA0504C6BF94@luke04.genesis.csps.com>
- User-agent: Mozilla Thunderbird 1.0.2-1.3.3 (X11/20050513)
Shahzad, Saleem wrote:
You can do this sort of proxy with the meta backend by specifying a
separate uri list for each superset (dc=internalx,dc=example,dc=com)
rather than creating a proxy for the base (dc=example,dc=com)
We were looking at proxy or subordinate referrals for an OpenLDAP->AD
On subordinate referrals I found that not all the applications I tried to
integrate work well with it (none actually).
For proxies the issue I found was that I could not proxy to a name
a superset of the base dn. For example if I had a base dn of
"dc=example,dc=com" then I could not proxy to another server via
"dc=internal,dc=example,dc=com", but I could do
# Query the appropriate backend servers
ldap://server2 ldap://server3 ldap://server4"
This is will work for mapping attributes but not if you want to use the
pcache overlay which wants only one suffix.
It would be great if LDAP Proxy Resolution was implemented as suggested
in the man page as a possible evolution...
If there is something I missed and this can be done I would be very