
OpenLDAP Configure Multiple DITs

Each DIT is described by a database section in the slapd.conf file, so defining multiple database sections defines multiple DITs. Each DIT is discrete and has its own naming-context (or name space). Assume we want to create the following structure in a single LDAP server:

[Figure: Multiple DITs]

slapd.conf

#
###### MULTIPLE DITs ############
#
# NOTES: inetorgperson picks up attributes and objectclasses
#        from all three schemas
include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema


# NO SECURITY - no access clause
# defaults to anonymous access for read
# only rootdn can write

# NO REFERRALS

# DON'T bother with ARGS file unless you feel strongly
# the slapd stop scripts need the pidfile to work
pidfile /var/run/slapd.pid

# enable a lot of logging - we might need it
# but generates huge logs
loglevel 	-1 

# NO dynamic backend modules

# NO TLS-enabled connections

# backend definition not required

#######################################################################
# FIRST bdb database definitions
# for EXAMPLE.COM
# replace example and com below with a suitable domain
# 
# If you don't have a domain you can leave it since example.com
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=com"

# root or superuser
rootdn "cn=jimbob, dc=example, dc=com"
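# cleartext here to keep the sample simple; rootpw also accepts
# a hashed value generated with slappasswd
rootpw dirtysecret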
# The database directory MUST exist prior to running slapd AND 
# change path as necessary
directory	/var/db/openldap/example-com

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# allows general searching on commonname, givenname and email
index	cn,gn,mail eq,sub
# allows multiple variants on surname searching
index sn eq,sub,subinitial,subany,subfinal
# optimise department searches
index ou eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
dbnosync
dirtyread
searchstack 5

#######################################################################
# SECOND bdb database definitions
# for EXAMPLE.NET
# replace example and net below with a suitable domain
# 
# If you don't have a domain you can leave it since example.net
# is reserved for experimentation or change them to my and inc
#
#######################################################################

database bdb
suffix "dc=example, dc=net"

# root or superuser
rootdn "cn=jimbob, dc=example, dc=net"
rootpw dirtysecret
# The database directory MUST exist prior to running slapd AND 
# change path as necessary - separate directory from
# FIRST section
directory	/var/db/openldap/example-net

# Indices to maintain for this directory
# unique id so equality match only
index	uid	eq
# optimise department searches
index ou eq
# shows use of default index parameter
index default eq,sub
# indices missing - uses default eq,sub
index telephonenumber

# other database parameters
# read more in slapd.conf reference section
cachesize 10000
checkpoint 128 15
dbnosync
dirtyread
searchstack 5
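
An added example (not part of the original page): a small Python audit of a multi-database slapd.conf. It checks the two properties the configuration above relies on, a distinct suffix and a distinct directory per database, and flags the two weaknesses its comments acknowledge, a cleartext rootpw and the absence of any access clause. The function names and the trimmed sample are constructed for illustration; continuation lines are not handled, and a rootpw is assumed to be hashed when it starts with a `{SCHEME}` prefix such as slappasswd produces.

```python
# Constructed sample: the two-DIT slapd.conf above, trimmed to the lines the audit reads.
SAMPLE_CONF = '''
database bdb
suffix "dc=example, dc=com"
rootdn "cn=jimbob, dc=example, dc=com"
rootpw dirtysecret
directory /var/db/openldap/example-com
database bdb
suffix "dc=example, dc=net"
rootdn "cn=jimbob, dc=example, dc=net"
rootpw dirtysecret
directory /var/db/openldap/example-net
'''

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (enough for comparing suffixes)."""
    return ",".join(part.strip().lower() for part in dn.strip('"').split(","))

def parse(text):
    """Return sections: [0] holds global directives, then one dict per 'database'."""
    sections = [{"access": 0}]
    for raw in text.splitlines():
        fields = raw.split(None, 1)
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        key, val = fields[0].lower(), fields[-1].strip() if len(fields) > 1 else ""
        if key == "database":
            sections.append({"access": 0})
        elif key == "access":
            sections[-1]["access"] += 1  # counted per section, global included
        else:
            sections[-1][key] = val
    return sections

def audit(text):
    """Return findings: shared suffix or directory, cleartext rootpw, no access clause."""
    glob, *dbs = parse(text)
    findings, owners = [], {}
    for n, db in enumerate(dbs, 1):
        suffix = norm_dn(db.get("suffix", ""))
        for what, value in (("suffix", suffix), ("directory", db.get("directory", ""))):
            if (what, value) in owners:
                findings.append(f"db{n}: {what} {value} also used by db{owners[(what, value)]}")
            owners.setdefault((what, value), n)
        if "rootpw" in db and not db["rootpw"].startswith("{"):  # assumption: {SCHEME} = hashed
            findings.append(f"db{n}: rootpw is cleartext, not a slappasswd hash")
        if not (db["access"] or glob["access"]):
            findings.append(f"db{n}: no access clause, default access applies")
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the cleartext rootpw and the missing access clause for both databases, and nothing about suffixes or directories because each DIT has its own.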

Obviously you need to stop and start the LDAP server to pick up this new file. Then run an LDIF as shown below using ldapadd.

LDIF

This LDIF assumes that EXAMPLE.COM already exists - we are simply adding EXAMPLE.NET.

# add example.net to an existing LDAP server
version: 1

dn: dc=example,dc=net
dc: example
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

This LDIF assumes that we are adding both EXAMPLE.COM and EXAMPLE.NET.

# add both example.com and example.net

# FIRST add example.com
version: 1

dn: dc=example,dc=com
dc: example
description: Example Company
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=com
ou: people
description: All people in organisation
objectClass: organizationalUnit

# SECOND add example.net
# (no second version line - LDIF allows version: only once, at the start of the file)

dn: dc=example,dc=net
dc: example
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Example, Inc.

dn: ou=people, dc=example,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

Copyright © 1994 - 2014 ZyTrax, Inc.
All rights reserved.
Page modified: September 17 2013.

This work is licensed under a Creative Commons License.
