Hello,

Context:

We have 2 directories: 1 Microsoft for domain domain1.fr, 1 Notes for domain domain2.fr. In reality, we have more domains and 3 directories, but the problem remains the same. We have an application which can produce only one type of request, like the following:

ldapsearch -Wxy /tmp/pwdfile -h 127.0.0.1 -D "cn=robot,dc=foo,dc=com" -b "dc=foo,dc=com" "([EMAIL PROTECTED])"

We planned to use an intelligent LDAP proxy with rewriting functionality (OpenLDAP with the meta backend and rewrite rules) to be able to "adapt" the LDAP query to the context (the domain): select the right directory and use the right attribute name. Moreover, we want to be able to query 2 LDAP servers (in a cluster) instead of one, for high availability needs. But we don't know how to do this, or even whether it's possible.

We have thought of a slapd.conf configuration like this:

----------------------
backend meta
database meta
suffix "dc=foo,dc=com"
lastmod off
rootdn "cn=robot,dc=foo,dc=com"
rootpw "*****"

uri "ldap://ldap1_domain1:389/dc=ad,dc=foo,dc=com"
uri "ldap://ldap2_domain1:389/dc=ad,dc=foo,dc=com"
rewriteEngine on
suffixmassage "dc=ad,dc=foo,dc=com" "dc=domain1,dc=fr"
pseudorootdn "cn=subRobot,dc=domain1,dc=fr"
pseudorootpw "*****"

uri "ldap://ldap1_domain2:389/dc=notes,dc=foo,dc=com" "ldap://ldap2_domain2:389/dc=notes,dc=foo,dc=com"
rewriteEngine on
suffixmassage "dc=notes,dc=foo,dc=com" "dc=domain2,dc=fr"
pseudorootdn "cn=subRobot,dc=domain2,dc=fr"
pseudorootpw "*****"
----------------------

So how is it possible to rewrite the search request

-b "dc=foo,dc=com" "([EMAIL PROTECTED])"

to

-b "dc=ad,ou=users,dc=foo,dc=com" "([EMAIL PROTECTED])"

or the search request

-b "dc=foo,dc=com" "([EMAIL PROTECTED])"

to

-b "dc=notes,ou=Utilisateurs,dc=foo,dc=com" "([EMAIL PROTECTED])"

Note: I already noted a problem with the use of unknown attributes, such as userPrincipalName, by the OpenLDAP proxy.

Note: Currently I use an OpenLDAP package powered by Ubuntu Dapper and another build powered by Red Hat EL 4, but if it is necessary to rebuild from CVS, it's not a problem.

Best regards,
--
Johann Heymes.
Cyber-Networks -- Net2S Group
Consultant Sécurité Informatique, Intégrateur de Solutions.
100, Terrasse Boieldieu
Tour Franklin -- La Défense 8
92042 Paris La Défense Cedex
Tél. : 01 42 04 95 95
Fax : 01 42 04 95 87
www : http://www.cyber-networks.fr