Re: Separate trees openldap

2018-05-01 Thread Quanah Gibson-Mount 
--On Thursday, April 26, 2018 10:33 AM -0300 seguranca informacao 
 wrote:









Hi guys,

I'm trying to accomplish a configuration that I'm not aware of. I need to
replicate several directories (AD, openldap, etc) to a unique repository
(my openldap). The thing is I need to have completely separate trees for
each domain (client). Any ideas in how to do that? bellow is an example
what I'm thinking of:


If you don't want to relay (as Dieter provided an example of), you can have 
multiple databases, one per suffix.


--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:

Re: Separate trees openldap

2018-04-30 Thread Dieter Klünter 
Am Thu, 26 Apr 2018 09:33:56 -0300
schrieb seguranca informacao :

>  Hi guys,
> 
> I'm trying to accomplish a configuration that I'm not aware of. I
> need to replicate several directories (AD, openldap, etc) to a unique
> repository (my openldap). The thing is I need to have completely
> separate trees for each domain (client). Any ideas in how to do that?
> bellow is an example what I'm thinking of:
> 
> 
> dc=example,dc=com
>  cn=users
>  cn=groups
> 
> -- complete separation
> dc=domain,dc=com
>  cn=users
>  cn=groups
> 
> -- complete separation
> dc=test,dc=ca
>  cn=users
>  cn=groups
> 
> -- complete separation

make use of slapd-ldap(5), slapd-relay(5) and slapo-rwm(5)
something like:

database ldap
suffix dc=test,dc=ca
...
database relay
suffix dc=test,dc=example,dc=com
relay dc=test,dc=ca
overlay rw
rwm-suffixmassage  "dc=test,dc=example,dc=com" "dc=test,dc=ca"
subordinate

database mdb
suffix dc=example,dc=com

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Separate trees openldap

2018-04-29 Thread seguranca informacao 
 Hi guys,

I'm trying to accomplish a configuration that I'm not aware of. I need to
replicate several directories (AD, openldap, etc) to a unique repository
(my openldap). The thing is I need to have completely separate trees for
each domain (client). Any ideas in how to do that? bellow is an example
what I'm thinking of:


dc=example,dc=com
 cn=users
 cn=groups

-- complete separation
dc=domain,dc=com
 cn=users
 cn=groups

-- complete separation
dc=test,dc=ca
 cn=users
 cn=groups

-- complete separation

thx,

sergio