[389-users] How to do this best with 389ds

Roland Schwingel Roland.Schwingel at onevision.com
Tue May 18 10:16:43 UTC 2010


Hi...

After a while I got my 389ds ldap now up and running for user accounts,
groups, dns and dhcp. Everything is fine, fast and stable (even though I am
running it on OpenSuse).

But I got a question on how to realize a certain idea with 389ds.

I got a central LDAP directory. It contains all data. I am having 
different subnets but want to have a central user management.
Each subnet has different dedicated servers for user homeaccounts and each
subnet has its own ldap server (replication consumer) to which each subnet
refers. This is due to security/fault tolerance considerations and
also due to different subsidiaries with sometimes slow network connection.

Example User "John":
He logs in in subnet A (eg from IP 192.168.1.100):
Unix homeaccount: /Servers/SubnetAServer/Users/John
Samba homeaccount: \\SubnetAServer\Users\John

He logs in in subnet B (eg from IP 192.168.2.100):
Unix homeaccount: /Servers/SubnetBServer/Users/John
Samba homeaccount: \\SubnetBServer\Users\John

(It is not possible to mask the servername for each subnet to be the same 
by dns).

This means the ldap search needs to return different attribute values when the
search is performed from different subnets (all other values - like uids -
shall remain constant). I don't want to have different user trees. Users
sometimes travel from subsidiary to subsidiary or are using different
subnets at the same time. Can this be done by views or class of service or
some other tricks/plugins? Has anyone done this already?

Thanks in advance,

Roland