Content preview: Am Fri, 9 Oct 2015 09:42:28 +0200 (CEST) schrieb Steffen Kaiser
<***@vmail.inf.h-brs.de>: > Hi, > > I currently have a local
OpenLDAP v2.4.40 with a bdb backend and > another instance with a ldap backend
proxying binds and queries to an > AD. > > The bdb backend serves just one
suffix: > > dc=example,dc=com > > The AD serves several suffixes: > > dc=example,dc=com
(same as local one) > dc=example,dc=net > dc=otherexample,dc=com > dc=anotherexample,dc=net
dc=example,dc=com, which is served by both > servers, are disjunct. There
is no DN, which is located on both > servers. There will be some name problems,
but these can be handled > by organisational means. > > ==== > > My first
problem is that I cannot make bind work for DNs with > suffix dc=example,dc=com,
which are located on the 2nd backend. In > fact, there are very few DNs of
that suffix on the 2nd server, but > there are. I would like that bind first
tries the first (local) > server and, if the DN is missing there, the second
server (the proxy). > > Currently, only the local backend is queried. > >
==== > > What would be the best solution to forward a bunch of suffixes to
the > LDAP backend? [...]

Content analysis details: (-1.9 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: sys4.de]
-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
[score: 0.0000]

Am Fri, 9 Oct 2015 09:42:28 +0200 (CEST)
slapd-relay(5) as subordinate database, and probably suffix "" on
superior database.

-Dieter