
OpenLDAP Configure Multiple DITs

Each DIT is described by a database section in the slapd.conf file. Defining multiple database sections defines multiple DITs. Each DIT is discrete and has its own naming context (or name space). Assume we want to create the following structure in a single LDAP server:

[Figure: Multiple DITs]

slapd.conf

#
###### MULTIPLE DITs ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
#        from all three schemas
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema


# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write

# NO REFERRALS

# DON'T bother with ARGS file unless you feel strongly
# slapd stop scripts need the pidfile to work
pidfile /var/run/slapd.pid

# enable a lot of logging - we might need it
# but generates huge logs
loglevel 	-1 

# NO dynamic backend modules

# NO TLS-enabled connections

# backend definition not required

#######################################################################
# FIRST bdb database definitions
# for EXAMPLE.COM
# replace example and com below with a suitable domain
# 
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=com"

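# root or superuser
# NOTE: rootpw is held in cleartext here; slappasswd generates a
# hashed value (e.g. {SSHA}...) that can be used instead
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret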
# The database directory MUST exist prior to running slapd AND 
# change path as necessary
directory	/var/db/openldap/example-com

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# allows general searching on commonname, givenname and email
index	cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub,subinitial,subany,subfinal
# optimise department searches
index ou eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
dbnosync
dirtyread
searchstack 5

#######################################################################
# SECOND bdb database definitions
# for EXAMPLE.NET
# replace example and net below with a suitable domain
# 
# If you don't have a domain you can leave it since example.net
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=net"

# root or superuser
# NOTE: cleartext rootpw, as in the FIRST section; a slappasswd
# hash can be used instead
rootdn "cn=jimbob, dc=example, dc=net"
rootpw dirtysecret
# The database directory MUST exist prior to running slapd AND 
# change path as necessary - separate directory from
# FIRST section
directory	/var/db/openldap/example-net

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# optimise department searches
index ou eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
dbnosync
dirtyread
searchstack 5
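
Because every database section repeats its own suffix, directory, rootdn and rootpw, a multi-DIT file is easy to get wrong by copy and paste. The check below is an added example, not part of the original page or of OpenLDAP; the function names and the sample file are constructed for illustration, and suffixes are compared by simply ignoring case and spaces.

```python
# Constructed sample: db 1 has a cleartext rootpw, db 2 reuses db 1's directory.
SAMPLE_CONF = """\
pidfile /var/run/slapd.pid
database bdb
suffix "dc=example, dc=com"
rootpw dirtysecret
directory\t/var/db/openldap/example-com
database bdb
suffix "dc=example, dc=net"
rootpw {SSHA}placeholder-not-a-real-hash
directory\t/var/db/openldap/example-com
"""

def parse_sections(text):
    """Return (global_directives, [database_sections]) as dicts of value lists."""
    logical, glob, dbs = [], {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and logical:          # leading whitespace continues a line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        key, *rest = line.split(None, 1)
        val = rest[0].strip().strip('"') if rest else ""
        if key.lower() == "database":            # each 'database' line opens a new DIT
            dbs.append({})
        else:
            (dbs[-1] if dbs else glob).setdefault(key.lower(), []).append(val)
    return glob, dbs

def audit(text):
    """List per-database problems; suffix comparison ignores case and spaces (naive)."""
    glob, dbs = parse_sections(text)
    findings, owner = [], {}
    for n, db in enumerate(dbs, 1):
        for kind in ("suffix", "directory"):
            for val in db.get(kind, []):
                ident = (kind, val.replace(" ", "").lower() if kind == "suffix" else val)
                first = owner.setdefault(ident, n)
                if first != n:
                    findings.append(f"database {n}: {kind} shared with database {first}")
        if any(not pw.startswith("{") for pw in db.get("rootpw", [])):
            findings.append(f"database {n}: rootpw has no {{SCHEME}} prefix (cleartext)")
        if "access" not in db and "access" not in glob:
            findings.append(f"database {n}: no access clause, default ACL applies")
    return findings
```

Run against the sample, `audit(SAMPLE_CONF)` reports the cleartext rootpw in database 1, the shared directory in database 2, and the missing access clause in both.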

Obviously you need to stop and start the LDAP server to pick up this new file. Then load one of the LDIF files shown below using ldapadd.

LDIF

This LDIF assumes that EXAMPLE.COM already exists - we are simply adding EXAMPLE.NET.

# add example.net to an existing LDAP server
version: 1

dn: dc=example,dc=net
dc: example
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

This LDIF assumes that we are adding both EXAMPLE.COM and EXAMPLE.NET.

# add both example.com and example.net

# FIRST add example.com
version: 1

dn: dc=example,dc=com
dc: example
description: Example Company
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectClass: organizationalUnit

# SECOND add example.net
version: 1

dn: dc=example,dc=net
dc: example
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit
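
With no access clause only each database's own rootdn can write, so a combined LDIF has to be loaded in one ldapadd run per DIT, each bound as that DIT's rootdn. The following added example (not from the original page; function names and sample input are constructed) splits a combined LDIF by naming context, assuming non-overlapping suffixes and DNs without escaped commas.

```python
import base64
import re
# Constructed input in the page's style; the last entry matches no suffix.
SAMPLE_LDIF = """\
# FIRST add example.com
version: 1

dn: ou=people, dc=example,dc=com
ou: people
objectClass: organizationalUnit

dn: ou=people, dc=example,dc=net
ou: people
objectClass: organizationalUnit

dn: ou=people, dc=example,dc=org
ou: people
objectClass: organizationalUnit
"""
SUFFIXES = ["dc=example,dc=com", "dc=example,dc=net"]  # suffix lines in slapd.conf

def norm_dn(dn):  # naive: assumes no escaped commas in RDN values
    return ",".join(part.strip().lower() for part in dn.split(","))

def read_entries(ldif_text):
    """Return [(dn, record_text)]; unfolds lines, drops comments and version."""
    entries = []
    for block in re.split(r"\n\s*\n", ldif_text.strip()):
        unfolded = re.sub(r"\n ", "", block)          # RFC 2849 line folding
        lines = [l for l in unfolded.splitlines()
                 if not l.startswith("#") and not l.lower().startswith("version:")]
        if not lines:
            continue
        m = re.match(r"dn:(:?)\s*(.*)", lines[0])     # 'dn::' means base64 value
        if not m:
            raise ValueError("record does not start with dn: " + lines[0])
        dn = base64.b64decode(m.group(2)).decode("utf-8") if m.group(1) else m.group(2).strip()
        entries.append((dn, "\n".join(lines)))
    return entries

def route(ldif_text, suffixes):
    """Group records by the first configured suffix their DN falls under."""
    routed = {s: [] for s in [*suffixes, None]}       # None: no database holds the DN
    for dn, record in read_entries(ldif_text):
        n = norm_dn(dn)
        hit = next((s for s in suffixes
                    if n == norm_dn(s) or n.endswith("," + norm_dn(s))), None)
        routed[hit].append(record)
    return routed
```

Each list in the result can be written to its own file and loaded with the matching rootdn; anything under the `None` key would be rejected by the server because no database section covers it.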

This work is licensed under a Creative Commons License.

Copyright © 1994 - 2024 ZyTrax, Inc.
Page modified: January 20 2022.