Re: Multiple ldap servers support with nslcd
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: cool dharma06 <cooldharma06 [at] gmail.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Multiple ldap servers support with nslcd
- Date: Sat, 01 Jun 2024 13:48:42 +0200
On Thu, 2024-05-30 at 17:49 +0530, cool dharma06 wrote:
> I have a few queries regarding the same:
> Does nslcd configuration support multiple different LDAP servers? If
> so, could you please share the sample configuration to achieve it.

You can use multiple LDAP servers to configure them as fail-overs of
each other in nslcd. They are expected to have the same content.

If you want to combine data from multiple LDAP servers I think your
best bet is to either set up an LDAP proxy (using the pcache overlay)
or use referral objects in an LDAP server to look up data from other
LDAP servers (the client then follows referrals).

A referral object looks like (from the test suite):

dn: ou=ref,ou=people,dc=test,dc=tld
ou: ref
objectClass: referral
objectClass: extensibleObject
ref: ldap://localhost/ou=lotsofpeople,dc=test,dc=tld

An old slapd.conf snippet (probably should be updated to current slapd
configuration):

moduleload back_bdb
moduleload back_ldap
moduleload back_meta
moduleload back_relay
moduleload pcache
moduleload rwm
database meta
suffix "dc=tld"
uri "ldap://host1/dc=domain1,dc=tld"
uri "ldap://host2/dc=domain2,dc=tld"
uri "ldap://host3/dc=domain3,dc=tld"
overlay pcache
pcache bdb 100000 1 1000 100
pcacheAttrset 0 *
pcacheTemplate (cn=) 0 3600 60
pcacheTemplate (uid=) 0 3600 60
pcacheTemplate (uidNumber=) 0 3600 60
pcacheTemplate (mail=) 0 3600 60

This does mean that all the directories that you want to combine are
all under a common top-level entry and don't overlap.

Hope this helps,

--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
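
The fail-over setup described in the reply above, as an added nslcd.conf example that is not part of the original message or the project's own documentation. The host names, CA file path and timing values are assumptions; the search base reuses dc=test,dc=tld from the referral example.

```conf
# /etc/nslcd.conf - added example, not from the original message.
# Host names, CA file path and timing values are assumptions.

# Account the nslcd daemon runs as.
uid nslcd
gid nslcd

# Servers are tried in the order listed. The later ones are only
# fall-backs and are expected to hold the same content as the first.
uri ldap://ldap1.example.com/
uri ldap://ldap2.example.com/

# Search base (taken from the referral example in the message).
base dc=test,dc=tld

# Protect the connection with StartTLS and require a certificate that
# validates against the CA file for whichever server ends up in use,
# so a fail-over does not fall back to an unverified connection.
ssl start_tls
tls_reqcert demand
tls_cacertfile /etc/ssl/certs/ca-certificates.crt

# Time limit in seconds for connecting to a server.
bind_timelimit 5
# Time limit in seconds for a search to complete.
timelimit 10

# Seconds to sleep when connecting to all listed servers fails.
reconnect_sleeptime 1
# Seconds after which the servers are treated as unavailable; from
# then on a retry is made only once per this period.
reconnect_retrytime 10

# Follow referral objects returned by the server (the default).
referrals yes
```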