LDAP server

Posted: Tue Jan 23, 2007 7:40 am
by murlopaz
Hi everybody. I am in a pretty delicate situation.
Story:
There is an LDAP server set up for our company that has several branches.
There are some field support people in our branch that don't have an account in AD on the central server.
I thought that it would be a good idea to set up another LDAP server in our branch just to add users that are not in the central AD.

Note: I am not sure if I expressed myself correctly, but any suggestions will be much appreciated. The main problem here is that there are field support people in our company that don't have an account in AD, and it is impossible for them to have one at the moment on the central server.

Thanks a lot!

Posted: Tue Jan 23, 2007 9:18 am
by Jenk
I didn't think that was possible, as the primary purpose of AD/LDAP is to have everything "centralised" so that you don't get separation like that?

Posted: Tue Jan 23, 2007 9:52 am
by pickle
I've never heard of the 'branch' terminology, but I imagine that means a new context in the LDAP tree?

For example, if your main context (or branch) is o=YourOrg, you want to make a new context ou=NewBranch o=YourOrg, correct?

You can go ahead & give your field people accounts in your new branch, but it might not do a lick of good. If the applications & authentication systems access only o=YourOrg & don't search recursively, then those new accounts will never be found.
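
The search-scope point in the post above, as an added example that is not part of pickle's post: a small Python model of LDAP search scopes (base, one, sub, the values `ldapsearch -s` accepts) run over a constructed directory. The entries, the `uid` names and the helper functions are assumptions made for illustration, and the DNs are written in the usual comma-separated form.

```python
# Constructed directory: DNs only, mirroring the contexts named in the post.
ENTRIES = [
    "o=YourOrg",
    "ou=People,o=YourOrg",
    "uid=alice,ou=People,o=YourOrg",
    "uid=carol,o=YourOrg",
    "ou=NewBranch,o=YourOrg",
    "uid=fieldtech1,ou=NewBranch,o=YourOrg",
]

def parse_dn(dn):
    """Split a DN into normalized RDNs (the sample has no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]

def in_scope(entry_dn, base_dn, scope):
    """Apply LDAP search-scope semantics: base, one (single level), sub."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # entry is not at or below the search base
    if scope == "base":
        return depth == 0   # only the base entry itself
    if scope == "one":
        return depth == 1   # immediate children only
    if scope == "sub":
        return True         # base entry and everything beneath it
    raise ValueError(f"unknown scope: {scope}")

def search(base_dn, scope, rdn_prefix="uid="):
    """Return the user DNs visible to a search with this base and scope."""
    return [dn for dn in ENTRIES
            if in_scope(dn, base_dn, scope) and dn.lower().startswith(rdn_prefix)]

def can_find(uid, base_dn, scope):
    """Would an application configured with this base and scope locate the account?"""
    wanted = f"uid={uid}".lower()
    return any(parse_dn(dn)[0] == wanted for dn in search(base_dn, scope))

if __name__ == "__main__":
    for scope in ("base", "one", "sub"):
        print(scope, search("o=YourOrg", scope))
```

An application bound to `o=YourOrg` with a single-level scope sees only `uid=carol`; the account under `ou=NewBranch` appears only with a subtree scope or when the search base points at the new context.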

Posted: Tue Jan 23, 2007 10:06 am
by murlopaz
What I meant by branch is: separate LDAP server.
As I said before, we can't add certain users to the central LDAP; that's why we thought of setting up an LDAP server in our building.

Posted: Tue Jan 23, 2007 10:09 am
by pickle
I don't think it matters what server the data is stored on, just what context the new data is in.

Posted: Tue Jan 23, 2007 10:13 am
by Jenk
You'd need a separate domain for that too, I'd have thought.

Anyway, I've got minimal experience with it, so have the Linux LDAP howto:

http://www.tldp.org/HOWTO/LDAP-HOWTO/