Re: Multiple ldap servers support with nslcd
- From: cool dharma06 <cooldharma06 [at] gmail.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Multiple ldap servers support with nslcd
- Date: Mon, 10 Jun 2024 09:51:18 +0200
Hi Arthur,
Thanks for your reply.
In my case, we have multiple different LDAP servers (OpenLDAP, AD) with different binddn, credentials and certs. Is it possible to configure this with nslcd?
ldap1:
binddn: xbinddn
userdn: xuserdn
password: xxxxx
CAcert: xCA
ldap2AD:
binddn: ybinddn
userdn: yuserdn
password: yyyyy
CAcert: yCA
Thanks & regards,
Dharmalingam S
On Sat, Jun 1, 2024 at 1:48 PM Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Thu, 2024-05-30 at 17:49 +0530, cool dharma06 wrote:
> I have a few queries regarding the same:
> Does nslcd configuration support multiple different LDAP servers? If
> so, could you please share the sample configuration to achieve it.
You can use multiple LDAP servers to configure them as fail-overs of
each other in nslcd. They are expected to have the same content.
If you want to combine data from multiple LDAP servers I think your
best bet is to either set up an LDAP proxy (using the pcache overlay)
or use referral objects in an LDAP server to look up data from other
LDAP servers (the client then follows referrals).
A referral object looks like (from the test suite):
dn: ou=ref,ou=people,dc=test,dc=tld
ou: ref
objectClass: referral
objectClass: extensibleObject
ref: ldap://localhost/ou=lotsofpeople,dc=test,dc=tld
An old slapd.conf snippet (probably should be updated to current slapd
configuration):
moduleload back_bdb
moduleload back_ldap
moduleload back_meta
moduleload back_relay
moduleload pcache
moduleload rwm
database meta
suffix "dc=tld"
uri "ldap://host1/dc=domain1,dc=tld"
uri "ldap://host2/dc=domain2,dc=tld"
uri "ldap://host3/dc=domain3,dc=tld"
overlay pcache
pcache bdb 100000 1 1000 100
pcacheAttrset 0 *
pcacheTemplate (cn=) 0 3600 60
pcacheTemplate (uid=) 0 3600 60
pcacheTemplate (uidNumber=) 0 3600 60
pcacheTemplate (mail=) 0 3600 60
This does mean that all the directories that you want to combine are
all under a common top-level entry and don't overlap.
Hope this helps,
--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --
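
Since the client follows referrals, it helps to know where the referral objects in a directory point. The following is an added example, not part of the original messages or of nss-pam-ldapd: it parses an LDIF export and lists referral targets that are not ldaps:// or whose host is not on an allow-list. The second referral entry, the host ldap2.example.net, the allow-list and the ldaps requirement are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit

# Constructed sample: the referral entry quoted above plus two made-up entries.
SAMPLE_LDIF = """\
dn: ou=ref,ou=people,dc=test,dc=tld
ou: ref
objectClass: referral
objectClass: extensibleObject
ref: ldap://localhost/ou=lotsofpeople,dc=test,dc=tld

dn: ou=remote,ou=people,dc=test,dc=tld
objectClass: referral
ref: ldaps://ldap2.example.net/ou=people,
 dc=example,dc=net

dn: uid=alice,ou=people,dc=test,dc=tld
objectClass: posixAccount
"""

def parse_ldif(text):
    """Yield each entry as {lower-cased attribute: [values]}."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>"
                value = base64.b64decode(value[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def audit_referrals(text, allowed_hosts):
    """Return (dn, ref, problems) for each referral target that needs review."""
    findings = []
    for entry in parse_ldif(text):
        if "referral" not in (v.lower() for v in entry.get("objectclass", [])):
            continue
        for ref in entry.get("ref", []):
            url = urlsplit(ref)
            checks = ((url.scheme.lower() != "ldaps", "scheme is not ldaps"),
                      ((url.hostname or "") not in allowed_hosts, "host not in allow-list"))
            problems = [msg for failed, msg in checks if failed]
            if problems:
                findings.append((entry["dn"][0], ref, problems))
    return findings
```

Calling audit_referrals(SAMPLE_LDIF, {"localhost"}) reports both referral entries; adding ldap2.example.net to the allow-list leaves only the ldap:// one.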