Re: back-meta hangs (ITS#3058)

[ando@sys-net.it]

> Pierangelo Masarati wrote:
>
>>back-ldap doesn't need any DN portion of the URI; actually,
>>for some time checks were were in place to enforce its absence!
>>
>>
> I used it in back-meta to specify the suffix to use for some target
> servers.

back-meta needs it for that purpose; I found it useful
to take advantage of the URI directive to associate
a naming context to a target.

>
>
>>>rewriteEngine on
>>>rewriteContext searchBase
>>>rewriteRule   "$" "dc=example,dc=com,o=Organization" ":"
>>>
>>>
>>
>>
>>^^^ this rule is weird, I don't understand it.
>>
>>Apparently, it maps *** anything *** into
>>"dc=example,dc=com,o=Organization"; hope it's intended!
>>
>>If what you want to accomplish is redirect searches
>>for an unrecognized base to the database serving
>>"dc=example,dc=com,o=Organization", you may want to have
>>a look at the "defaultSearchBase" directive in slapd.conf(5);
>>otherwise, the same effect could be obtained by
>>
>>rewriteEngine on
>>rewriteContext searchBase
>>rewriteRule   ".*" "%0,dc=example,dc=com,o=Organization" ":@"
>>
>>at the cost of an extra back-ldap processing!
>>
>>
> Thanks, I'll try that, but my rule works fine for queries on that
> backend (notice that it has an empty suffix specified)  - apparently
> because I'm putting it in the searchBase rewrite context, and it only
> processes the search base. The search base is always empty, ane it gets
> replaced with the correct search base and forwarded to "real" LDAP
> instances specified in uri.

Exactly!  The

defaultSearchBase "dc=example,dc=com,o=Organization"
would really speed things up, and be more general.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497