Hi Brett!

For "LDAP aliases" use the standard objectclass "alias"
 
http://tools.ietf.org/html/rfc4512#section-2.6
 
BR / Antonio
 
P.S.: Aliases are solved by the servers (the client must request the way
an alias must be treated in the "derefAliases" parameter of the LDAP
"searchRequest" message). Referrals are solved by the client instead
(i.e. when the server finds a referral entry it is returned to the
client, and it is the client that re-requests the LDAP op. towards the
referred entry). Aliases are ONLY valid for search ops (for update ops
you need to "point" to the right object, as aliases are ONLY
dereferenced when searching!!!) but referrals can be used for any LDAP
op. (instead)

________________________________

From: openldap-software-bounces+antonio.alonso=ericsson....@openldap.org
On Behalf Of Brett @Google
Sent: Sunday, 15 February 2009 4:28
To: [email protected]
Subject: referrals for meta directory use


Hello,

I am looking to learn about meta directories using LDAP. So I am looking
for a way to create a tree structure which will be somewhat dynamic,
that has referrals (or aliases - whatever is possible) to a simpler
structure in the same directory.

Something like ("real" data which does not change its position in the
DIT):

o=real
    ou=unit x
         cn=some person
        ....
    ou=unit y
         cn=some other person

Then have a virtual structure (which is both liable and likely to change):

o=virtual
    ou=animal enthusiasts
        ou=dog fanciers
            ou=unit x (local referral to o=real, ou=unit x)

The intent is to have a "virtual" tree structure that represents a
dynamic representation of an organisation's structure, that is
presented to the real world, but have the actual data stored in a
simple, static structure to minimise configuration change.

This would provide an accurate representation of the shifting
organisational structure for presentation, but services which would be
affected by this frequently moving organisation structure (web or proxy
authentication etc.) point to the static or "real" data so changes to
the apparent organisational structure do not affect critical system
services.

I was thinking this could be implemented by referrals from the "dynamic"
part of the tree to the "static" part of the tree, but looking at the
referral format it seems to require a hostname, which would in this case
be its own server.

I would suspect that it is not proper? for one server to refer to
itself, but if it was, is there a syntax for a referral which does not
require a hostname (or a way to specify a location in the local DIT) in
the "ref" attribute?

Alternatively, is there a native alias mechanism which several other
servers have, to graft (apparently for queries etc., not in reality) one
part of an OpenLDAP server's tree to another?

Cheers
Brett
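
Added example, not part of the thread and not OpenLDAP code: a small in-memory model of how the "derefAliases" setting of a searchRequest changes what a whole-subtree search returns for the o=real / o=virtual layout discussed above. The dictionary, the function names and the `aliasedObjectName` value are constructed for illustration; DN matching is plain string comparison.

```python
# Constructed DIT modelled on the tree in the thread (DNs kept as plain strings).
ALIAS = "ou=unit x,ou=dog fanciers,ou=animal enthusiasts,o=virtual"
DIT = {
    "o=real": {},
    "ou=unit x,o=real": {},
    "cn=some person,ou=unit x,o=real": {},
    "o=virtual": {},
    "ou=animal enthusiasts,o=virtual": {},
    "ou=dog fanciers,ou=animal enthusiasts,o=virtual": {},
    # Alias entry: objectClass "alias", pointing into the static tree.
    ALIAS: {"aliasedObjectName": "ou=unit x,o=real"},
}

# derefAliases values of the searchRequest (RFC 4511 section 4.5.1).
NEVER, IN_SEARCHING, FINDING_BASE, ALWAYS = range(4)

def deref(dn):
    """Follow aliasedObjectName to a non-alias entry, refusing alias loops."""
    seen = set()
    while "aliasedObjectName" in DIT[dn]:
        if dn in seen:
            raise ValueError("alias loop at " + dn)
        seen.add(dn)
        dn = DIT[dn]["aliasedObjectName"]
    return dn

def subtree_search(base, mode):
    """DNs a wholeSubtree search returns for the given derefAliases mode."""
    if mode in (FINDING_BASE, ALWAYS):
        base = deref(base)              # alias resolved while locating the base
    found, vertices = set(), [base]
    while vertices:
        top = vertices.pop()
        if top in found:
            continue                    # already covered
        found.add(top)
        for dn in DIT:
            if not dn.endswith("," + top):
                continue                # not a subordinate of this vertex
            if mode in (IN_SEARCHING, ALWAYS) and "aliasedObjectName" in DIT[dn]:
                vertices.append(deref(dn))   # search continues at the target
            else:
                found.add(dn)
    return sorted(found)

if __name__ == "__main__":
    for name, mode in [("never", NEVER), ("search", IN_SEARCHING),
                       ("find", FINDING_BASE), ("always", ALWAYS)]:
        print(name, subtree_search("o=virtual", mode))
```

With dereferencing enabled the results carry the DNs under o=real, so a service that consumes them sees the static names even when the o=virtual branch is rearranged.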
