On 06/17/2012 12:43 PM, stephen.burke@stfc.ac.uk wrote:
2) Queries do of course need to know the base DN, but there is no need for it to be hard-coded, it can e.g. be passed in an environment variable or derived from the information system itself. Hence for example we can have code which can query either a site BDII or a top BDII simply by passing a different base DN.
This is a key aspect for current information system. The base DN is difficult to change. What we have so far deployed is: Top: GLUE2GroupID=grid,o=glue Site: GLUE2DomainID=CERN-PROD,o=glue Resource: GLUE2GroupID=resource,o=glue There is also the concatenation rule on now we go from distributed trees to a single tree. GLUE2GroupID=resource,GLUE2DomainID=CERN-PROD,GLUE2GroupID=grid,o=glue Once these are deployed, it almost becomes impossible to change. It is for this reason we have been using mds-vo-name=local,o=grid for the past 10 years in GLUE 1.3! With OpenLDAP 2.4 may be possible to migrated as we can configure LDAP redirects. The bind points and concatenation rule were discussed over 2 years ago as part of the implementation. At the time it was agreed that client queries should not rely on the DIT. In the current implementation we do not care about the DIT below the bind point, as it is irrelevant for client queries. However, as you can see the base DN and concatenation rule is integral to the infrastructure. Laurence