On 5/29/06, Richard Megginson <rmeggins at redhat.com> wrote: > > On a test server, I've set up a "master" suffix, "dc=com", and created > > directory links to "dc=one,dc=com" and "dc=two,dc=com". I've added > > the proxy ACI on the One and Two LDAP directories. When I search the > > test server, I can successfully find objects in the One tree, so it's > > half working -- but the Two tree doesn't work. I've check and > > re-checked and everything appears kosher. > Does the other LDAP server have dc=com and two sub suffixes > dc=one,dc=com and dc=two,dc=com? Each with their own "real" database? Thanks for taking the time to reply, Richard... The server with the real databases has two suffixes: "dc=one,dc=com" and "dc=two,dc=com". "dc=com" doesn't exist. Both suffixes have real databaes and work if I query them individually. I wouldn't be so frustrated if nothing was working, but the fact that searching with a base of "dc=com" for a UID that appears in "dc=one,dc=com" works but searching for a UID that appears in "dc=two,dc=com" doesn't is what's really bugging me. I went so far as deleting the "dc=one,dc=com" link, but the Two link still doesn't work, even if it's the only one. The root ACIs on One and Two are exactly the same (with the obvious changes for the different suffixes of course). > > > > Am I barking up the wrong tree? Is there an easier way to do this? > > Should I give up and take up basket weaving as a nice, harmless job, > > and forget systems administration altogether? > It's difficult to say for sure without reviewing all of your configuration. Anything semi-specific you'd be curious about? -- _ Ben Steeves bcs at metacon.ca ( ) The ASCII ribbon campaign ben.steeves at unb.ca X against HTML e-mail GPG ID: 0xB3EBF1D9 / \ http://www.metacon.ca/ascii Yahoo Messenger: ben_steeves
