[KLUG Members] LDAP question.

Adam Tauno WIlliams adam at morrison-ind.com
Thu Sep 23 10:22:33 EDT 2004


> What is a "vis-a-vis global LDAP directory"?  
> How does it differ from a normal OpenLDAP install?  
> Related links where I can read about it?

I've never heard the exact term "vis-a-vis global LDAP directory"
before.  But I assume they are referring to using a central referral
service or meta-service (such as resolving a remote LDAP server via SRV
records and assuming DC naming conventions).

For example:

1.) Create an OpenLDAP DSA with the back-srv database.
2.) Point your primary LDAP server at the above DSA as the referral.
2.1.) The referral server is where clients are told to go ask about
information that is outside the scope of the DIT of the DSA first
queried.

So if I send a query for -
  Query: cn=Papa Doc Duvalie  Base: dc=Scum,dc=Org
- to my server, it replies to my client with a referral because it
doesn't have "dc=Scum,dc=Org" in its DIT.

3.) The referred-to DSA uses back-srv to look up the LDAP server in
the Scum.Org domain.
4.) It replies to my client with another referral to that server.
5.) My client queries ldap.scum.org and receives the result.

You also might proxy at the first referral server so that it does the
external query on behalf of the client and replies as though it
contained the DIT of Scum.Org.  Proxies can cache, so this can be a big
win if you're doing lots of across-the-Internet LDAP searching.  Sort of
like Squid but for LDAP.

But someone might also be operating a manually maintained referral
database, where I refer to some central box which then returns a
referral based upon a database it contains.  Several of these have been
attempted; they all fail miserably because of scalability problems and
poor participation.  If you want to use such a service, SRV resolution is
the way to go; then you 'magickally' find all the public LDAP servers
in domains that have bothered to post an SRV record.
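The referral chain described in the post, as an added example that is not part of the original message or of OpenLDAP: the first DSA answers from its own DIT only for bases under its suffix, and otherwise maps the dc= components of the base DN to a DNS name, resolves _ldap._tcp SRV records for it and hands the client a referral URL. The local suffix, the SRV table and the lookup function are constructed stand-ins; a real deployment would query DNS.

```python
import re
from urllib.parse import quote

# Constructed SRV data standing in for a DNS lookup of _ldap._tcp.<domain>:
# list of (priority, weight, port, target) as an SRV record carries them.
FAKE_SRV = {
    "_ldap._tcp.scum.org": [(10, 50, 389, "ldap2.scum.org"),
                            (0, 100, 389, "ldap.scum.org")],
}

# Constructed suffix held locally by the first DSA the client asks.
LOCAL_SUFFIX = "dc=example,dc=org"


def split_rdns(dn):
    """Split a DN on unescaped commas and normalise whitespace/case."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def dn_to_domain(dn):
    """Map dc= components to a DNS name (the DC naming convention):
    'cn=x,dc=Scum,dc=Org' -> 'scum.org'; None if the DN has no dc=."""
    dcs = [p.split("=", 1)[1] for p in split_rdns(dn) if p.startswith("dc=")]
    return ".".join(dcs) if dcs else None


def within_suffix(dn, suffix):
    """True if dn is the suffix itself or lies below it in the DIT."""
    d, s = split_rdns(dn), split_rdns(suffix)
    return len(d) >= len(s) and d[-len(s):] == s


def referral_for(base_dn, local_suffix=LOCAL_SUFFIX, lookup=FAKE_SRV.get):
    """Return None when the DSA can answer locally, otherwise an LDAP URL
    the client is referred to, chosen from the SRV records by lowest
    priority and then highest weight. A client following the referral
    should bind to the new server afresh rather than replaying the
    credentials it used on the first one."""
    if within_suffix(base_dn, local_suffix):
        return None
    domain = dn_to_domain(base_dn)
    if domain is None:
        return None
    records = lookup(f"_ldap._tcp.{domain}") or []
    if not records:
        return None
    _, _, port, target = min(records, key=lambda r: (r[0], -r[1]))
    return f"ldap://{target}:{port}/{quote(base_dn, safe='=,')}"
```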
