We have a successful OpenLDAP deployment used for Linux/UNIX authentication in University environment. Recently we have been approached by a self-managed research group that would like to use our LDAP server for authentication instead of the currently implemented NIS. However they would like to be able to create local user accounts in their "subtree". Since most of the researchers are already in our LDAP directory is it possible to refer to specific entries in the main tree from their own subtree. For example let's say our tree is called
dc=domain,dc=edu and I want to create a subtree called dc=research,dc=domain,dc=edu on the same server and point the research groups' machines to the newly created subtree. Is it now somehow possible to point e.g. uid=user,cn=users,dc=research,dc=domain,dc=edu ===> uid=user,cn=users,dc=domain,dc=edu Main purpose is not to have to duplicate user entries. I looked into the admin guide and it appears I can only make a referral to a whole subtree ie. subordinate knowledge. Can I do the same for individual entries ? If so does anyone have LDIF examples of how to do it. Thanks, Vladimir -- Vladimir
