Hi,

Oren Laadan <[EMAIL PROTECTED]> writes:

> Hi,
>
> I want to set up a local ldap server for my team that will extend a remote
> ldap server (whose database is inaccessible to me and I cannot simply
> replicate) with a small number (less than 100) of new (local) entries.
> For example, the local server may add entries for new users only in my
> team, but also support authentication of all users in the remote server.
>
> I tried to use back-meta, which seems most suitable for merging data
> from multiple targets. Assume the DN base is "dc=EXAMPLE,dc=COM",
> which is what the clients use.
>
> To set it up, I used the following config snippets:
>
> ...
> moduleload back_ldap
> moduleload back_meta
> moduleload back_bdb
> ...
> backend bdb
> backend meta
> ...
> # bdb backend, with a "local" DN base different than the main one\
> # not intended to serve clients, but to serve the meta backend only
> database bdb
> suffix "dc=TMP,dc=EXAMPLE,dc=COM"
> readonly on
> ...
> # meta backend, with the right DN base, serving the clients
> database meta
> lastmod off
> suffix "dc=EXAMPLE,dc=COM"
> uri "ldaps://REMOTE_SERVER/dc=EXAMPLE,dc=COM"
> uri "ldaps:///dc=TMP,dc=EXAMPLE,dc=COM"
> suffixmassage "dc=EXAMPLE,dc=COM" "dc=TMP,dc=EXAMPLE,dc=COM"
> ...

Declare back-bdb as subordinate to back-meta. Something like

database bdb
suffix dc=tmp,dc=example,dc=com
...
subordinate

database meta
suffix dc=example,dc=com
uri ...
uri ...

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6
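
A check for the layout suggested in the reply, as an added example that is not part of the original message or of OpenLDAP: it parses a slapd.conf and verifies that each database marked subordinate has exactly one suffix and lies inside a superior database declared after it, the ordering slapd.conf(5) requires for nested suffixes. The function names and the sample config are constructed for illustration.

```python
# Constructed sample modelled on the reply's sketch ("..." and uri lines omitted).
SAMPLE = """\
database bdb
suffix "dc=tmp,dc=example,dc=com"
subordinate

database meta
suffix "dc=example,dc=com"
"""

def norm(dn):
    """Lower-case a DN and split it into RDNs (naive: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.strip().strip('"').split(",")]

def parse_databases(conf):
    """Return one dict per 'database' section, in declaration order."""
    dbs = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, arg = (line.lower().split(None, 1) + [""])[:2]
        if key == "database":
            dbs.append({"type": arg, "suffixes": [], "subordinate": False})
        elif dbs and key == "suffix":
            dbs[-1]["suffixes"].append(norm(arg))
        elif dbs and key == "subordinate":
            dbs[-1]["subordinate"] = True
    return dbs

def is_inside(inner, outer):
    """True when DN 'inner' lies strictly below DN 'outer'."""
    return len(inner) > len(outer) and inner[-len(outer):] == outer

def check_glue(conf):
    """Return a list of problems with subordinate (glue) declarations."""
    dbs, problems = parse_databases(conf), []
    for i, db in enumerate(dbs):
        if not db["subordinate"]:
            continue
        if len(db["suffixes"]) != 1:
            problems.append(f"{db['type']}: subordinate needs exactly one suffix")
            continue
        sfx = db["suffixes"][0]
        above = lambda ds: any(is_inside(sfx, s) for d in ds for s in d["suffixes"])
        # slapd.conf(5): the database with the inner suffix must come first
        if not above(dbs[i + 1:]):
            why = "declared after its superior" if above(dbs[:i]) else "no superior found"
            problems.append(f"{db['type']}: {why}")
    return problems
```
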
