Multiple domains · Issue #157 · osixia/docker-openldap

@svallory

Description

Is it possible to use multiple domains? How?

Activity

dolanor commented on Dec 9, 2017

I have the exact same question and I struggled to find the answer.

From what I could gather, yes, you can. Doing multiple domains with one common root would be easier (for example, multiple domains under .com (dc=com)).
But in the end, LDAP is pretty flexible and I needed multiple TLDs.
So, what I did is create a TLD called multiverse and, under it, put different real-life TLDs.

I have:

  • dc=mydomain,dc=com,dc=multiverse
  • dc=clientdomain,dc=io,dc=multiverse

Then, you can just set your base DN to dc=multiverse to search real TLDs such as dc=clientdomain,dc=io without the need to add the dc=multiverse suffix.

parthg13 commented on Apr 22, 2020

@dolanor, have you tried your method in the osixia docker image or directly on a system? Also, could you please help me with where exactly your changes are supposed to be made? I have been struggling with it for a long time.
Any help would be appreciated. :-)

marinipete commented on Feb 3, 2022

@parthg13 I'm struggling with the same issue, have you figured this out?

dolanor commented on Feb 3, 2022

God, I'm sorry I missed this call for help, @parthg13. Yes, I did it on the docker image. But it is mainly how you structure your LDAP hierarchy, actually.
What's your problem, @marinipete?

marinipete commented on Feb 10, 2022

Hey there, @dolanor. I was off for a while, let me detail the scenario.

I'm migrating an Oracle LDAP base to OpenLDAP, and I'm using this image to dockerize the OpenLDAP. In the current Oracle implementation, there is a root parent DN; with that I can simply add as many suffixes under this root as I want, and it doesn't need to be specified in LDAP queries, so it's transparent for the LDAP clients.
Now, I'm trying to translate this to OpenLDAP using this image. I've already inspected the startup.sh and it looks like the code expects only one string for LDAP_DOMAIN and LDAP_BASE_DN; I guess this could be altered by extending the image.
Now, from what I read about OpenLDAP, it is a best practice to have different suffixes in different databases. However, I have one limitation right now: I use only one DNS name for all my LDAP suffixes, and since Oracle has this transparent root that I talked about, all LDAP applications use this single DNS endpoint independently of the tree being queried (since it's not necessary to specify the root). I need to keep it that way, as having multiple DNS names for different suffixes would require an update in a lot of applications.

Do you know if that's possible with OpenLDAP?
I would appreciate any kind of insight.

dolanor commented on Mar 14, 2022

I would say it is possible, as I do this myself.
I handle multiple domains with different TLDs.
As I said, my LDAP tree is as follows:

+ dc=multiverse
    + dc=com
        + ou=mydomain
            + ou=apps
                 + cn=nextcloud
        + ou=myotherdomain
    + dc=io
        + ou=mygeekydomain

I must say that I didn't connect my DNS directly to this LDAP, so it doesn't generate DNS records for me. I was confused about how LDAP worked and how to deal with it.
So my DNS is handled manually with my registrar to point to the correct server IP address.
But on each domain, I can have many apps (e.g. nextcloud) as a CN with a uniqueMember applied to it, and in it I store the useful info (which user has access to this app, for example). And in each app, I check this group's uniqueMembers to see if this LDAP-authenticated user has access to this app.
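As an added example (not code from the issue or the osixia image), this Python toy models dolanor's tree in memory: a subtree search rooted at dc=multiverse reaches entries under both dc=com and dc=io, as described earlier in the thread, and an app's uniqueMember check compares normalized DNs so that case or spacing differences in the stored member value do not wrongly deny a legitimate user. The ou=people branch, the user entries and their names are assumptions.

```python
# Constructed sample entries modelling the thread's tree (dn -> attributes); the
# ou=people branch and the user entries are assumptions, not from the issue.
DIRECTORY = {
    "dc=multiverse": {"objectClass": ["dcObject"]},
    "dc=com,dc=multiverse": {"objectClass": ["dcObject"]},
    "dc=io,dc=multiverse": {"objectClass": ["dcObject"]},
    "ou=mydomain,dc=com,dc=multiverse": {"objectClass": ["organizationalUnit"]},
    "ou=mygeekydomain,dc=io,dc=multiverse": {"objectClass": ["organizationalUnit"]},
    "uid=alice,ou=people,ou=mydomain,dc=com,dc=multiverse": {"uid": ["alice"]},
    "uid=bob,ou=people,ou=mygeekydomain,dc=io,dc=multiverse": {"uid": ["bob"]},
    "cn=nextcloud,ou=apps,ou=mydomain,dc=com,dc=multiverse": {
        "objectClass": ["groupOfUniqueNames"],
        # Members are full DNs; case and spacing differ from the entry's own DN.
        "uniqueMember": ["UID=Alice, OU=people, ou=mydomain, dc=com, dc=multiverse"],
    },
}


def normalize_dn(dn: str) -> tuple:
    """Split a DN into (type, value) RDNs with case and whitespace folded.
    Toy normalization: no escaping or multi-valued RDNs (see RFC 4514)."""
    return tuple(
        tuple(part.strip().lower() for part in rdn.split("=", 1))
        for rdn in dn.split(",")
    )


def search(base: str, scope: str = "sub") -> list:
    """Return DNs at or below `base` for LDAP scopes 'base', 'one' or 'sub'."""
    base_rdns = normalize_dn(base)
    hits = []
    for dn in DIRECTORY:
        rdns = normalize_dn(dn)
        if rdns[-len(base_rdns):] != base_rdns:
            continue  # entry is outside this subtree
        depth = len(rdns) - len(base_rdns)
        if (scope == "base" and depth != 0) or (scope == "one" and depth != 1):
            continue
        hits.append(dn)
    return hits


def user_has_access(user_dn: str, app_dn: str) -> bool:
    """The per-app check from the thread: is the authenticated user's DN listed in
    the app group's uniqueMember? Compare normalized DNs, not raw strings."""
    members = DIRECTORY.get(app_dn, {}).get("uniqueMember", [])
    target = normalize_dn(user_dn)
    return any(normalize_dn(m) == target for m in members)
```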
