[UPHPU] LDAP talk notes/audio

David Boucha boucha at gmail.com
Tue Feb 8 11:09:29 MST 2005


Thanks for the tip, David. I'm going to try the referral, or else
we'll have to do the multiple searches.  I only have a basic knowledge
of LDAP so your insight is a big help.

Thanks a ton.

David Boucha


On Tue, 8 Feb 2005 09:06:47 -0700 (MST), David Smith <DavidSmith at byu.net> wrote:
> David,
> 
> I'm replying on the uphpu list in case this is of general interest.
> 
> This came up on the umich-ldap mailing list last week as well. I suggested
> one solution, described below, but I refer you to that thread (you'll have
> to search for the archives, I can't seem to find them right now) to see
> others' solutions.
> 
> This is a common question and goes right back to the design of your LDAP
> server. You cannot perform an LDAP search on two containers with one
> search command. The solution I recommend, the feasibility of which will
> depend on your LDAP server, is to create a new OU, perhaps called
> ou=ProvoOrem. Then, inside that OU, place referrals to the two OUs of
> interest, like this:
> 
> ou=ProvoOrem,o=base
>     ou=Provo (referral to ou=Provo,o=base)
>     ou=Orem  (referral to ou=Provo,o=base)
> 
> I'm not sure if older Netwares can do this, but it's worth a short (as
> Coach Z would say). If this doesn't work, you're probably going to need to
> restructure your directory hierarchy such that you can search both
> containers from a parent container (phpLDAPadmin may be able to help, but
> don't rely on it for Netware, since NDS doesn't necessarily allow access
> to all attributes via LDAP -- probably should use ConsoleOne). This is one
> strong argument for keeping your hierarchy flat, and using attributes to
> differentiate among users, rather than containers.
> 
> Also, there's really nothing wrong with performing two searches to get the
> results, unless the client code is out of your control. I'm sure you have
> a good reason for needing just one search.
> 
> --Dave
> 
> <quote who="David Boucha">
> > David,
> > Hey how are you doing? I have a quick question about ldap searches.
> > You explained this to me several months ago when you gave a
> > presentation at the UPHPU meeting on LDAP. I need to do a username
> > search that spans two different OU's.  For example ou=Orem  and
> > ou=Provo. I've been searching all over and can't find a good example
> > of how to do that. We're using an older version of Netware.
> >
> > I can search each one just fine, but not both.
> >
> > Any Ideas? Thanks a bunch.
> >
> > David Boucha
> >
> >
> > On Fri, 19 Nov 2004 10:00:29 -0700 (MST), David Smith
> > <DavidSmith at byu.net> wrote:
> >> <quote who="John Fletcher">
> >> > Did anything come of this idea to post the audio or the notes of the
> >> > presentation the other day about LDAP?
> >>
> >> My notes were all on the white board, but I have two small PHP programs
> >> that we wrote live in the presentation. They're pretty simplistic, but
> >> they really encapsulate the concepts we talked about well. I've added
> >> lots of commentary to the files that wasn't there during the
> >> presentation.
> >>
> >> Example of LDAP authentication:
> >>   http://linode.thesmithfam.org/uphpu/authenticate.php
> >> Source:
> >>   http://linode.thesmithfam.org/uphpu/authenticate.phps
> >>
> >> Example of LDAP searching:
> >>   http://linode.thesmithfam.org/uphpu/search.php
> >> Source:
> >>   http://linode.thesmithfam.org/uphpu/search.phps
> >>
> >> I put myself at the group's service for further questions.
> 
>
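
The "multiple searches" fallback discussed in this thread, as an added example (not code from the thread or from the linked search.php): one search per OU, results merged, the username escaped before it goes into the filter, and a username that exists in both containers rejected instead of silently resolved. The helper names, the `uid` attribute and the in-memory directory are assumptions constructed for illustration.

```php
<?php
// Added example. Helper names and the uid attribute are assumptions;
// the directory below is constructed sample data, not a real server.

// Escape a value for an LDAP filter (RFC 4515). PHP's ldap extension
// offers ldap_escape($value, '', LDAP_ESCAPE_FILTER) for the same job.
function escapeFilterValue(string $value): string
{
    return strtr($value, ['\\' => '\5c', '*' => '\2a', '(' => '\28',
                          ')' => '\29', "\0" => '\00']);
}

// Run one search per base DN and merge the results. $search is
// callable(string $baseDn, string $filter): list of ['dn' => ..., 'uid' => ...].
function findUser(callable $search, array $bases, string $username): ?array
{
    $filter = '(uid=' . escapeFilterValue($username) . ')';
    $matches = [];
    foreach ($bases as $base) {
        foreach ($search($base, $filter) as $entry) {
            $matches[$entry['dn']] = $entry;      // de-duplicate by DN
        }
    }
    if (count($matches) > 1) {
        // Same username in both containers: refuse rather than pick one.
        throw new RuntimeException('ambiguous username: ' . implode('; ', array_keys($matches)));
    }
    return $matches ? reset($matches) : null;
}

// Constructed stand-in for the server. With a live directory, $search would
// wrap ldap_search() and ldap_get_entries() and map entries to this shape.
$directory = [
    'ou=Provo,o=base' => [['dn' => 'cn=alice,ou=Provo,o=base', 'uid' => 'alice'],
                          ['dn' => 'cn=sam,ou=Provo,o=base',   'uid' => 'sam']],
    'ou=Orem,o=base'  => [['dn' => 'cn=bob,ou=Orem,o=base',    'uid' => 'bob'],
                          ['dn' => 'cn=sam,ou=Orem,o=base',    'uid' => 'sam']],
];
$search = function (string $base, string $filter) use ($directory): array {
    return array_values(array_filter($directory[$base] ?? [], function ($e) use ($filter) {
        return $filter === '(uid=' . escapeFilterValue($e['uid']) . ')';
    }));
};

$bases = array_keys($directory);
var_dump(findUser($search, $bases, 'bob'));   // lives only in ou=Orem
var_dump(findUser($search, $bases, '*'));     // wildcard is escaped, so treated as a literal name
try { findUser($search, $bases, 'sam'); }     // present in both OUs
catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```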

