Re: Finding out what DNs have changed? LDAP->NIS translations.

[Andrew Findlay <andrew.findlay@skills-1st.co.uk>]

On Thu, Oct 31, 2002 at 10:26:12PM +0100, Erik Forsberg wrote:

> My idea for a LDAP->NIS gateway is instead to keep the NIS server, but
> to change it's database behind it's back. It should be doable, I just

Interesting idea. Watch out for in-memory caches. nscd may give
problems too. You may need to fool each NIS server into thinking that
it is the master, as you can then send it the 'database has changed'
RPC message after doing updates.

There may be locking and consistency problems too, as NIS uses a
rather early form of DBM which was not really designed for
simultaneous access.

> Now to the real question - How can I find out when data changes in the
> LDAP? I'd like to know the DN:s of the entries changed, in order to
> read them from my daemon. One of my ideas here is to fool slapd it has
> slaves, and then read the file slurpd is supposed to read. Could that
> work? Any other ideas about how to find this information? Is there a
> log written with this information for some loglevel?

The pseudo-slave idea is the way to go, as you will be using a
mechanism that was designed for the job. Using logfiles is possible,
but I suspect less reliable (see the slapd.conf manpage for the
appropriate loglevel - 768 will probably be close).

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------