Re: Referrals, Chains, and Subordinate confusion

[Dieter Klünter <dieter@dkluenter.de>]

Am Fri, 8 Jun 2018 19:44:31 +0200
schrieb Chris <chris@gatopelao.org>:

> Hello,
> 
> We're in the process of setting up a new DIT divided up by a handful
> of (o) organizations. We would like to split the DIT up so that each
> organization will sysadmin their own ldap provider containing their
> branch of the DIT.
> 
> There are some examples on the Net on how to use referrals and chains
> and the set up seems to be what we want, and relatively straight
> forward to implement.

You could define a handful independent databases, something like

database o=A

database o=B

all databases controlled by 1 slapd process
man slapd.conf(5) and slapd-mdb(5) 

> 
> But before we begin, I'd like to check. The documentation here is
> confusing. http://www.openldap.org/doc/admin24/referrals.html At the
> bottom of the page, the 2nd Note says "A better approach would be to
> use explicitly defined local and proxy databases in /subordinate/
> configurations to provide a seamless view of the Distributed
> Directory."
> 
> I've scoured the Net for some clues/examples to what this means but
> haven't found anything that helps us much to understand. The same page
> http://www.openldap.org/doc/admin24/referrals.htm says "Subordinate
> knowledge information is maintained in the directory as a special
> /referral/ object" but that seems to enter into conflict with the 2nd
> Note. ??

No.
> There also seems to be a "olcSubordinate" attribute that I can't find
> any information about.
> How does the "local and proxy databases in /subordinate/
> configurations" configuration work? Is it documented anywhere?
> 
> Any pointers or suggestions would be greatly appreciated.

As a start you should get acquainted with RFC4512
https://www.rfc-editor.org/pdfrfc/rfc4512.txt.pdf
and X.500
https://www.itu.int/rec/T-REC-X.500/en


-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E