Hi Sebastian

I've got more or less the same setup, but I've got the same rootdn for all the backends and the rootpw is only mentioned once (the last database definition). I then access the databases with different users, working with ACLs.

See the end of the mail for my example setup.

I have a configuration with two databases like this (one inside the other)

database        bdb
subordinate
suffix          "ou=other,o=org,c=ar"
rootdn          "cn=Manager,ou=other,c=org,c=ar"
rootpw          secret
directory       /var/db/openldap-data/other
lastmod on

database        bdb
suffix          "o=org,c=ar"
rootdn          "cn=Manager,o=org,c=ar"
rootpw          pepe00
directory       /var/db/openldap-data
lastmod on

When I activate the first database (the subordinate one) then I can't search the subschemaSubentry. (0 entries) The schemas can only be searched if I bind with the manager password of the subordinate suffix and not the one from the upper suffix.

#############################
# ou=administration,o=stepping-stone,c=ch
#############################
database        hdb
suffix          "ou=administration,o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
subordinate
directory       /var/lib/openldap-hdb/stepping-stone/administration
index   objectClass pres,eq
index   entryUUID eq

access to dn.regex="cn=(.+),ou=people,ou=administration,o=stepping-stone,c=ch$"
        attr=userpassword
        by dn.regex="cn=$1,ou=people,ou=administration,o=stepping-stone,c=ch" write
        by anonymous auth
        by * none

#############################################
# ou=storage,ou=service,o=stepping-stone,c=ch
#############################################
database        hdb
suffix          "ou=storage,ou=service,o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
subordinate

directory       /var/lib/openldap-hdb/stepping-stone/service/storage
index           objectClass     pres,eq
index           cn,uid          eq
index           entryUUID       eq
index           uidNumber       eq
index           gidNumber       eq

access to dn.subtree="ou=storage,ou=service,o=stepping-stone,c=ch"
        by group/groupOfUniqueNames/uniqueMember="cn=storage,ou=group,ou=administration,o=stepping-stone,c=ch" read

###########
# MAIN TREE
###########
database        hdb
suffix          "o=stepping-stone,c=ch"
rootdn          "cn=Manager,o=stepping-stone,c=ch"
rootpw          gugus
directory       /var/lib/openldap-hdb/stepping-stone

I know, it doesn't really answer your question, but it works.

Kind regards, Michael

--
visit: http://www.stepping-stone.ch
--
e-mail: [EMAIL PROTECTED]
mobile: +41 76 392 36 23
icq: 238901781
