Dieter made a good note. But, thinking on this a bit more, why does the location of the account entry even matter? Is the LDAP application written against a specific container rather than using a filter to find the accounts? If it's the latter, the only issue you would have are any references to the original DNs (e.g., as a member in a groupOfNames object), in which case Dieter's comment applies.
--- Puryear Information Technology, LLC Baton Rouge, LA * 225-706-8414 http://www.puryear-it.com Author: "Best Practices for Managing Linux and UNIX Servers" "Spam Fighting and Email Security in the 21st Century" Download your free copies: http://www.puryear-it.com/publications.htm Saturday, February 10, 2007, 1:42:17 AM, you wrote: > Hi, > This may sound like a bit of a crazyish question but comes from a need to > "hack" our way around a poor original LDAP layout with little time and > resources to throw at the problem at the moment ...so, the problem is. > We currently have all of our users under: ou=people,dc=xyz,dc=com,dc=au > Our new layout we'd like to have users at: > ou=users,ou=contact,dc=xyz,dc=com,dc=au > Easy so far. To avoid having to maintain two lists of users until every > machine using LDAP for auth can be updated we're hoping there is some way > ou=people could "refer" to ou=contacts,ou=users. > Using a referral object didn't seem to work, and in fact seemed to take > out our test ldap server when we tried, though admittedly that could have > been due to mis-use of the referral object. > We're running openLDAP 2.2.13 on RHEL4 > TIA. > Shane. > --- > You are currently subscribed to [email protected] as: [EMAIL PROTECTED] > To unsubscribe send email to [EMAIL PROTECTED] with the word > UNSUBSCRIBE as the SUBJECT of the message. --- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
