Hi...
After a while I got my 389ds LDAP up and running now for user accounts, groups, DNS and DHCP. Everything is fine, fast and stable (even though I am running it on openSUSE).
But I have a question on how to realize a certain idea with 389ds.
I have a central LDAP directory. It contains all data. I have different subnets but want to have central user management.
Each subnet has different dedicated servers for user home accounts, and each subnet has its own LDAP server (replication consumer) to which each subnet refers. This is due to security/fault tolerance considerations and also due to different subsidiaries with sometimes slow network connections.
Example user "John":
He logs in in subnet A (e.g. from IP 192.168.1.100):
  Unix homeaccount: /Servers/SubnetAServer/Users/John
  Samba homeaccount: \\SubnetAServer\Users\John
He logs in in subnet B (e.g. from IP 192.168.2.100):
  Unix homeaccount: /Servers/SubnetBServer/Users/John
  Samba homeaccount: \\SubnetBServer\Users\John
(It is not possible to mask the server name for each subnet to be the same by DNS.)
This means the LDAP search needs to return different attribute values when the search is performed from different subnets (all other values, like uids, shall remain constant). I don't want to have different user trees. Users sometimes travel from subsidiary to subsidiary or are using different subnets at the same time. Can this be done by views or class of service or some other tricks/plugins? Has anyone done this already?
Thanks in advance,
Roland