On Sun, Jan 12, 2003 at 04:47:27PM -0800, Roger Thomas wrote: > database ldbm > suffix "dc=example1,dc=com" > rootdn "cn=admin,o=Administrators,dc=example1,dc=com" > .. > .. > database ldbm > suffix "dc=example2,dc=com" > rootdn "cn=admin,o=Administrators,dc=example2,dc=com"
Put them under the same root DN. They will be distinguished by an _attribute_, for example dn: uid=12345,dc=example,dc=com mail: [EMAIL PROTECTED] dn: uid=12346,dc=example,dc=com mail: [EMAIL PROTECTED] # Root dn is 'dc=example,dc=com' in both cases The client MTA or POP3 server will perform a *search* on the attribute 'mail' (or some other attribute if you want POP3 logins to be different to the E-mail address), which will locate the correct record. Unnecessary levels of hierarchy in the LDAP DN are generally a bad idea. You only need to split them in the way you showed above if you wanted to run the two directory trees on two different servers - and in that case, you get into the nightmare of referrals, and searching becomes inefficient (since you have to run each query on both servers simultaneously). Much better just to run a single DIT. There's a good reference here: http://developer.netscape.com/docs/books/macmillan/ldap/ldapbk.html Chapter 8 - which is conveniently available online for free as a PDF - discusses namespace design. Regards, Brian. ------------------------------------------------------- This SF.NET email is sponsored by: FREE SSL Guide from Thawte are you planning your Web Server Security? Click here to get a FREE Thawte SSL guide and find the answers to all your SSL security issues. http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
