I used suffix massage to combine customer LDAP with my local LDAP
server; this allows us to have internal users. Documentation on doing
this is very sparse.

Client side: sssd points at dc=local.

# BDB database definitions
#######################################################################
#local database b
database bdb
idlcachesize 50000
suffix "dc=b,dc=com"
rootdn "cn=adm,dc=b,dc=com"
rootpw {SSHA}xx
cachesize 50000
dirtyread
dbnosync
checkpoint 128 15
index objectClass eq

#database meta - COMBINES the LDAP DATABASES
database meta
suffix "dc=local"
rootdn "cn=adm,dc=local"
rootpw {SSHA}xx
#internal LDAP
uri "ldap://127.0.0.1/ou=internal,dc=local"
lastmod off
suffixmassage "ou=internal,dc=local" "dc=b,dc=com"
#external - customer LDAP
#uncomment lines and only change vars inside [] to match env
#
#uri "ldap://[myldap]/ou=external,dc=local"
#lastmod off
#suffixmassage "ou=external,dc=local" "[dc=a,dc=a,dc=com]"
#

JASON K CAFARELLI
Desk: (508) 637-5705 (primary)
Mobile: (508) 215-9712
jason.cae@gmail.com
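
The DN rewriting that the suffixmassage lines in the posted config ask the meta backend to do, modelled in Python as an added example (not part of the original message and not OpenLDAP's own code). TARGETS copies the two mappings from the post, using its placeholder value for the external suffix; the function names are hypothetical.

```python
# Added illustration (not OpenLDAP code): models the DN rewrite that
# back-meta performs for each suffixmassage pair in the posted slapd.conf.
TARGETS = [
    # (virtual suffix clients see, real suffix on the target server)
    ("ou=internal,dc=local", "dc=b,dc=com"),
    # external mapping uses the post's placeholder suffix
    ("ou=external,dc=local", "dc=a,dc=a,dc=com"),
]

def split_rdns(dn):
    """Split a DN on unescaped commas; backslash escapes are preserved."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc:
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += ch
    rdns.append(cur.strip())
    return rdns

def _swap(dn, old, new):
    """Replace suffix `old` with `new`, matching whole RDNs case-insensitively."""
    rdns, old_rdns = split_rdns(dn), split_rdns(old)
    n = len(old_rdns)
    tail = [r.lower() for r in rdns[-n:]]
    if len(rdns) < n or tail != [r.lower() for r in old_rdns]:
        return None
    return ",".join(rdns[:-n] + split_rdns(new))

def to_real(virtual_dn):
    """Client-side DN -> (target index, DN sent to that target), or None."""
    for i, (virt, real) in enumerate(TARGETS):
        out = _swap(virtual_dn, virt, real)
        if out is not None:
            return i, out
    return None  # not under any target's virtual suffix

def to_virtual(target, real_dn):
    """DN returned by a target -> DN the client (e.g. sssd) sees."""
    virt, real = TARGETS[target]
    return _swap(real_dn, real, virt)

if __name__ == "__main__":
    print(to_real("uid=jdoe,ou=people,ou=internal,dc=local"))
```

Matching is done on whole RDNs, so a DN ending in `xou=internal,dc=local` is not routed to the internal target.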