HPE Community
Operating System - HP-UX
1833877 Members
2068 Online
110063 Solutions
New Discussion

NIS<->LDAP Gateway, referrals, a distributed LDAP directory and bad headache.

 
Mathias Homann
New Member

‎01-28-2002 01:03 AM

‎01-28-2002 01:03 AM

NIS<->LDAP Gateway, referrals, a distributed LDAP directory and bad headache.

I have to find a way to put up a LDAP tree so that each department has
a) its OWN ldap server
b) its OWN nis<->ldap gateway,
but any given user should be able to login on
ANY workstation ANYWHERE in the network;
or to put it more simple, If I did 'ypcat passwd' on ANY machine ANYWHERE I want to see all accounts from all over the company...

In theory, I'd set up smart referrals or default referrals inside the ldap tree, so that
any ldap server would point to his 'superior' when asked something he doesn't know.
But as I tried this approch, the gateway
doesn't follow those referrals at all, and it follows referrals into subtrees only
sluggishly, and not always...

As it is an experimental installation so far, all ldap servers concerned are on the same
host, running on different high ports.

I also tried the approach to set up a 'parent domain' in ypldapd.conf but that didn't help either..


any hints for me


bye,
M.Homann
0 Kudos
Reply
4 REPLIES 4
harry d brown jr
Honored Contributor

‎01-29-2002 05:53 AM

‎01-29-2002 05:53 AM

Re: NIS<->LDAP Gateway, referrals, a distributed LDAP directory and bad headache.

Why not have a master ldap, and the departmental servers be slaves?

live free or die
harry
Live Free or Die
0 Kudos
Reply
Mathias Homann
New Member

‎01-30-2002 12:08 AM

‎01-30-2002 12:08 AM

Re: NIS<->LDAP Gateway, referrals, a distributed LDAP directory and bad headache.

and then have the nis<->ldap gateways connect to the master?
been there.. done that...
boss says 'no way, no single point of failure'. Besides, the departments are NOT at the same location, so this way would make the ldap queries travel around the world via WAN lines...

bye
MH
0 Kudos
Reply
Mathias Homann
New Member

‎01-30-2002 12:47 AM

‎01-30-2002 12:47 AM

Re: NIS<->LDAP Gateway, referrals, a distributed LDAP directory and bad headache.

besides,

even when I have the nis<->ldap gateway software connect to the topmost ldap server it doesn't follow referrals, but a shell-issued ldapsearch does...

bye
MH
0 Kudos
Reply
Mathias Homann
New Member

‎01-30-2002 02:15 AM

‎01-30-2002 02:15 AM

Re: NIS<->LDAP Gateway, referrals, a distributed LDAP directory and bad headache.

another fact found:

hosts a and b; host a has 4 DS4 instances on different ports, built into a tree via smart referrals.

When I do ldapsearch with the ldap tools from that nis<->ldap gateway, this happens:

when I do it on the same machine that runs the DS4 instances, it follows the referrals down to the last branch.

when I do it on the other machine, it only sees entries in the top-level ldap server.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.