1

I need to run 2 LDAP instances on the same Ubuntu server which have the same structure (both writing to ou=People,dc=example,dc=org for instance) but have data which should remain separate. The 2 LDAP instances don't need different permissions so I can use the same root DN, and I don't need to have 2 separate ports for tracking/firewalling purposes.

Is it worth running 2 LDAP instances or can I just run 1 LDAP instance with 2 separate databases?

Do you happen to know of any publicly available documentation relevant to the topic?

Max

4 Answers

1

You cannot have two databases in a single LDAP instance configured for the same base DN (ou=People,dc=example,dc=org). The only way to accomplish this is to run two separate LDAP instances on your system -- which will of course require running them either (a) on two separate ports or (b) bound to two distinct IP addresses. Your use case is a little odd, and if you were able to provide us some of the underlying requirements we might be able to provide you with a better answer.

You can share most of your configuration between the two instances, although you will obviously need different database directories for each instance. You can probably make your life easier by putting common configuration options in one file and using the include directive to source that into the per-instance configurations.

larsks
  • We are running different dev environments. To reduce hosting cost we have servers which host several environments, hence 2 LDAP instances on the same server with the same base DN. The `include` idea is good and should facilitate the maintenance. – Max Jul 11 '11 at 14:15
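The `include` layout suggested in the answer above, as an added example (not code from the thread): one shared file holds the schema, backend, suffix and root DN, and each instance's `slapd.conf` adds only its own data directory and pid/args files, which a small check then confirms are not shared. The instance names `env1`/`env2`, all paths, the `mdb` backend and the ports are assumptions; the schema path is the usual Ubuntu location.

```shell
#!/bin/sh
# Constructed layout: instance names env1/env2, paths and ports are assumptions.

# Write one shared common.conf and a small slapd.conf per instance under $1.
make_layout() {
    root=$1
    mkdir -p "$root/env1/db" "$root/env2/db"
    # Shared part: schema, backend, suffix and root DN are identical for both.
    cat > "$root/common.conf" <<EOF
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
database mdb
suffix "dc=example,dc=org"
rootdn "cn=admin,dc=example,dc=org"
EOF
    # Per-instance part: only the paths that must never be shared.
    for inst in env1 env2; do
        cat > "$root/$inst/slapd.conf" <<EOF
pidfile $root/$inst/slapd.pid
argsfile $root/$inst/slapd.args
include $root/common.conf
directory $root/$inst/db
EOF
    done
}

# Print the value of directive $1 as set in config file $2.
directive() { awk -v d="$1" '$1 == d { print $2 }' "$2"; }

# Succeed only if the two configs differ in every per-instance path.
check_isolation() {
    for d in directory pidfile argsfile; do
        a=$(directive "$d" "$1"); b=$(directive "$d" "$2")
        [ -n "$a" ] && [ -n "$b" ] && [ "$a" != "$b" ] || return 1
    done
}

demo=$(mktemp -d)
make_layout "$demo"
check_isolation "$demo/env1/slapd.conf" "$demo/env2/slapd.conf" \
    && echo "env1 and env2 keep separate data directories and pid/args files"
# Each instance then gets its own listener (ports are assumptions), e.g.:
#   slapd -f "$demo/env1/slapd.conf" -h "ldap://127.0.0.1:389/"
#   slapd -f "$demo/env2/slapd.conf" -h "ldap://127.0.0.1:1389/"
rm -rf "$demo"
```

Because `directory` follows the `database` line pulled in by `include`, it applies to that database; a `rootpw` hash generated with `slappasswd` would go in the same per-instance section.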
0

I'm quite sure it's not possible to have two different databases with the same base DN.

So your only bet is to use two instances.

As far as documentation, I recommend "LDAP for Rocket Scientists" http://www.zytrax.com/books/ldap/

Hubert Kario
0

Depending on how you would distinguish the 2 instances, you could also use http://myvd.sourceforge.net/ to present only one server to the world.

02strich
0

You can configure two instances with the same base DN on the same system. Both will run on different port numbers. Try using 389 Directory Server and install two instances on the same machine.

Another possible solution I can think of is to have two databases with different names, dc=example,dc=com and dc=example1,dc=com, in OpenLDAP 2.4 and use slapo-rwm to show entries of dc=example1,dc=com as dc=example,dc=com. For clients it will be transparent: same base DN, same IP and same port.

Hope that helps.

atvt