[UPHPU] LDAP talk notes/audio

David Smith DavidSmith at byu.net
Tue Feb 8 09:06:47 MST 2005


David,

I'm replying on the uphpu list in case this is of general interest.

This came up on the umich-ldap mailing list last week as well. I suggested
one solution, described below, but I refer you to that thread (you'll have
to search for the archives, I can't seem to find them right now) to see
others' solutions.

This is a common question and goes right back to the design of your LDAP
server. You cannot perform an LDAP search on two containers with one
search command. The solution I recommend, the feasibility of which will
depend on your LDAP server, is to create a new OU, perhaps called
ou=ProvoOrem. Then, inside that OU, place referrals to the two OUs of
interest, like this:

ou=ProvoOrem,o=base
    ou=Provo (referral to ou=Provo,o=base)
    ou=Orem  (referral to ou=Orem,o=base)

I'm not sure if older Netwares can do this, but it's worth a short (as
Coach Z would say). If this doesn't work, you're probably going to need to
restructure your directory hierarchy such that you can search both
containers from a parent container (phpLDAPadmin may be able to help, but
don't rely on it for Netware, since NDS doesn't necessarily allow access
to all attributes via LDAP -- probably should use ConsoleOne). This is one
strong argument for keeping your hierarchy flat, and using attributes to
differentiate among users, rather than containers.

Also, there's really nothing wrong with performing two searches to get the
results, unless the client code is out of your control. I'm sure you have
a good reason for needing just one search.

--Dave

<quote who="David Boucha">
> David,
> Hey how are you doing? I have a quick question about ldap searches.
> You explained this to me several months ago when you gave a
> presentation at the UPHPU meeting on LDAP. I need to do a username
> search that spans two different OU's.  For example ou=Orem  and
> ou=Provo. I've been searching all over and can't find a good example
> of how to do that. We're using an older version of Netware.
>
> I can search each one just fine, but not both.
>
> Any Ideas? Thanks a bunch.
>
> David Boucha
>
>
> On Fri, 19 Nov 2004 10:00:29 -0700 (MST), David Smith
> <DavidSmith at byu.net> wrote:
>> <quote who="John Fletcher">
>> > Did anything come of this idea to post the audio or the notes of the
>> > presentation the other day about LDAP?
>>
>> My notes were all on the white board, but I have two small PHP programs
>> that we wrote live in the presentation. They're pretty simplistic, but
>> they really encapsulate the concepts we talked about well. I've added
>> lots of commentary to the files that wasn't there during the
>> presentation.
>>
>> Example of LDAP authentication:
>>   http://linode.thesmithfam.org/uphpu/authenticate.php
>> Source:
>>   http://linode.thesmithfam.org/uphpu/authenticate.phps
>>
>> Example of LDAP searching:
>>   http://linode.thesmithfam.org/uphpu/search.php
>> Source:
>>   http://linode.thesmithfam.org/uphpu/search.phps
>>
>> I put myself at the group's service for further questions.
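
The two-search approach mentioned in the reply above, as an added example that is not part of the original thread or of the presentation's PHP files: it searches each OU separately, escapes the username before it goes into the filter, and rejects a name that exists under both OUs. The cn attribute, the sample entries and the function names are assumptions; sample_search stands in for ldap_search() plus ldap_get_entries() so the script runs without a server.

```php
<?php
// RFC 4515 escaping for a value placed inside a search filter. With ext-ldap
// loaded, ldap_escape($v, '', LDAP_ESCAPE_FILTER) is the built-in equivalent.
function escape_filter_value(string $v): string
{
    return preg_replace_callback('/[\\\\*()\x00]/', function ($m) {
        return sprintf('\\%02x', ord($m[0]));
    }, $v);
}

// One subtree search per base, merged by DN. $search is any callable taking
// (base, filter) and returning a list of DNs; null means no unique match.
function find_unique_dn(callable $search, array $bases, string $user): ?string
{
    $filter = '(cn=' . escape_filter_value($user) . ')';  // cn is an assumption
    $dns = [];
    foreach ($bases as $base) {
        foreach ($search($base, $filter) as $dn) {
            $dns[strtolower($dn)] = $dn;  // de-duplicate if bases overlap
        }
    }
    return count($dns) === 1 ? reset($dns) : null;
}

// Constructed sample directory (DN => cn) standing in for the server.
const DIRECTORY = [
    'cn=jdoe,ou=Provo,o=base'   => 'jdoe',
    'cn=asmith,ou=Orem,o=base'  => 'asmith',
    'cn=bjones,ou=Provo,o=base' => 'bjones',
    'cn=bjones,ou=Orem,o=base'  => 'bjones',
];

// Hypothetical stand-in for a real search: handles equality filters only.
function sample_search(string $base, string $filter): array
{
    $hits = [];
    $suffix = ',' . strtolower($base);
    foreach (DIRECTORY as $dn => $cn) {
        $under = substr(strtolower($dn), -strlen($suffix)) === $suffix;
        $match = strcasecmp($filter, '(cn=' . escape_filter_value($cn) . ')') === 0;
        if ($under && $match) { $hits[] = $dn; }
    }
    return $hits;
}

$bases = ['ou=Provo,o=base', 'ou=Orem,o=base'];
foreach (['asmith', 'bjones', '*'] as $name) {  // unique, duplicated, wildcard
    var_dump(find_unique_dn('sample_search', $bases, $name));
}
```

When the returned DN is then used for a bind, treating a duplicate across containers as "not found" keeps the lookup from silently picking one of two different accounts.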


