On Thu, 10 Aug 2017 12:54:38 -0400, JOSE L MARTINEZ-AVIAL <jlm...@gmail.com> wrote:
> Hello,
> I'm trying to combine my test openldap (MDB database) with my
> production AD installation, so I can have the production users access
> my test systems. In order to do that I've created two databases in my
> slapd.conf, as follows:
>
> #######################################################################
> # database definitions
> #######################################################################
> include /usr/local/etc/openldap/slapd-meta-ad-prd.conf
> include /usr/local/etc/openldap/slapd-mdb.conf
>
> The configuration file for the AD connection is as follows:
>
> database meta
> suffix "dc=bsi,dc=test,dc=com"
> uri "ldap://miadc01.mia.usa.sinvest/dc=bsi,dc=test,dc=com"
> suffixmassage "dc=bsi,dc=test,dc=com" "dc=mia,dc=usa,dc=sinvest"
> idassert-bind bindmethod=simple binddn="cn=Test User,cn=users,dc=mia,dc=usa,dc=sinvest" credentials=xxxxx
>
>
> The configuration file for the MDB is:
> database mdb
> maxsize 1073741824
>
> suffix "dc=test,dc=com"
> rootdn "cn=Manager,dc=test,dc=com"
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # Added by pplu to support root authentication
> rootpw xxxxxxx
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /usr/local/var/openldap-data/mdb
> # Indices to maintain
> index objectClass eq
> overlay memberof
> memberof-group-oc groupOfUniqueNames
> memberof-member-ad uniquemember
>
> So the first database uses the suffix "dc=bsi,dc=test,dc=com", and the
> second one uses "dc=test,dc=com". The idea is that the AD would
> appear as a branch of the development database. I've found that I can
> search the AD by using the search DN "dc=bsi,dc=test,dc=com", but if
> I try to look with DN "dc=test,dc=com", only the test database is
> searched. The search does not combine both databases.
> How can I do it?

You may consider gluing both databases into a single namingContext by
declaring "dc=bsi,dc=test,dc=com" as a subordinate database; see man
slapd.conf(5). But this requires a single rootDN.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
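The glue setup suggested in the reply, sketched as an added example (not configuration posted by either participant). It reuses the file name, suffixes, URI and DNs from the question; the credentials value is a placeholder, and the MDB file is assumed to stay as posted.

```conf
# /usr/local/etc/openldap/slapd-meta-ad-prd.conf
# (added example, based on the configuration quoted in the question)
#
# Per slapd.conf(5), the database holding the inner suffix must be defined
# before the database holding the superior suffix, so this file stays
# included ahead of slapd-mdb.conf, as in the original slapd.conf.

database        meta
suffix          "dc=bsi,dc=test,dc=com"

# Glue this database into the namingContext of the superior database
# (dc=test,dc=com). Searches based at dc=test,dc=com are then propagated
# to this database as well.
subordinate

# slapd.conf(5): all databases glued into one namingContext should have
# identical rootdns. This matches the rootdn of the MDB database.
# No rootpw is set here; the rootpw stays only in slapd-mdb.conf.
rootdn          "cn=Manager,dc=test,dc=com"

uri             "ldap://miadc01.mia.usa.sinvest/dc=bsi,dc=test,dc=com"
suffixmassage   "dc=bsi,dc=test,dc=com" "dc=mia,dc=usa,dc=sinvest"

# Continuation lines start with whitespace. The credentials value is a
# placeholder; since this file holds a cleartext AD bind password, it
# should be readable only by the account slapd runs as.
idassert-bind   bindmethod=simple
                binddn="cn=Test User,cn=users,dc=mia,dc=usa,dc=sinvest"
                credentials=REPLACE_WITH_BIND_PASSWORD

# Check after restarting slapd (run from a shell, not part of this file):
#   ldapsearch -x -H ldap://localhost -b "dc=test,dc=com" -s sub "(objectClass=*)" dn
# Entries under dc=bsi,dc=test,dc=com should now appear in the result.
```

By default a subordinate database is not advertised in the root DSE, so clients see only the `dc=test,dc=com` namingContext; slapd.conf(5) documents an optional `advertise` argument to `subordinate` if the AD branch should be listed as well.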