The meta backend is one thing I found too when I was looking for a
solution, and I thought I should also try it. I have not yet had the time to try
it, but everywhere I saw its usage, it is to map ou=suffix1 and
ou=suffix2 to "a third suffix".
In my case I have my local db with a suffix of dc=base,dc=dn. The remote
database has also a suffix of dc=base,dc=dn. And what I want is to have
on the unified view a suffix of dc=base,dc=dn too. Something like
ou=suffix1,dc=base,dc=dn and ou=suffix2,dc=base,dc=dn is not what I'm
looking for.
Maybe you can confirm that it is doable.
Another point in my case is that I have entries that are on both local
and remote databases, with the same DNs. With a search operation,
remote entries should be fetched and what is on the local database
should append/override the remote's entries before being displayed.
Have you, by chance, been confronted with a case like this with your setup?
On 2016-01-08 21:47, jason cafarelli wrote:
I used suffix massage to combine customer LDAP with my local LDAP
server; this allows us to have internal users. Documentation on doing
this is very sparse.
Client side; sssd points at dc=local.
# BDB database definitions
#######################################################################
#local database b
database bdb
idlcachesize 50000
suffix "dc=b,dc=com"
rootdn "cn=adm,dc=b,dc=com"
rootpw {SSHA}xx
cachesize 50000
dirtyread
dbnosync
checkpoint 128 15
idlcachesize 50000
index objectClass eq
#database meta - COMBINES the LDAP DATABASES
database meta
suffix "dc=local"
rootdn "cn=adm,dc=local"
rootpw {SSHA}xx
#internal LDAP
uri "ldap://127.0.0.1/ou=internal,dc=local"
lastmod off
suffixmassage "ou=internal,dc=local" "dc=b,dc=com"
#external - customer LDAP
#uncomment lines and only change vars inside [] to match env
#
#uri "ldap://[myldap]/ou=external,dc=local"
#lastmod off
#suffixmassage "ou=external,dc=local" "[dc=a,dc=a,dc=com]"
#
JASON K CAFARELLI
Desk: (508) 637-5705 (primary)
Mobile: (508) 215-9712
[email protected]
--
------------
M. P.
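
As an added illustration (not part of either message in this thread), the sketch below models the DN rewriting that the suffixmassage line in the quoted configuration asks back-meta to perform: the client-facing suffix is swapped for the target's real suffix on requests and swapped back on results. The uid=jdoe entry and the function names are constructed for the example, and DNs are assumed to contain no escaped commas.

```python
# Added illustration: models only the DN suffix rewrite that suffixmassage
# describes; it is not slapd code.
import shlex

# Constructed sample: the meta target lines from the configuration quoted above.
SAMPLE_CONF = '''
database meta
suffix "dc=local"
uri "ldap://127.0.0.1/ou=internal,dc=local"
suffixmassage "ou=internal,dc=local" "dc=b,dc=com"
'''

def norm(dn):
    """Lower-case and trim RDNs for comparison (assumes no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(",") if p.strip())

def parse_massage(conf):
    """Return [(virtual_suffix, real_suffix)] from suffixmassage lines."""
    pairs = []
    for line in conf.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) == 3 and tok[0].lower() == "suffixmassage":
            pairs.append((norm(tok[1]), norm(tok[2])))
    return pairs

def swap_suffix(dn, old, new):
    """Replace suffix old with new on an RDN boundary, else return None."""
    dn = norm(dn)
    if dn == old:
        return new
    if dn.endswith("," + old):
        return dn[: -len(old)] + new
    return None

def to_real(dn, pairs):
    """Client-side (virtual) DN -> DN sent to the target server."""
    for virt, real in pairs:
        out = swap_suffix(dn, virt, real)
        if out is not None:
            return out
    return None  # no configured target serves this DN

def to_virtual(dn, pairs):
    """DN returned by the target -> DN shown to the client."""
    for virt, real in pairs:
        out = swap_suffix(dn, real, virt)
        if out is not None:
            return out
    return None
```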