
Re: Problem binding two naming contexts



On Tue, 2005-11-22 at 10:30 +0100, Jan-Piet Mens wrote: 
> I'm using OpenLDAP 2.3.11 and I'd like to set up this server
> to serve a single base (naming doesn't really matter) which
> retrieves entries from a local BDB backend as well as a foreign
> LDAP backend.
> 
> If I try to make the foreign back-ldap subordinate of my
> naming context, an ldapsearch retrieves the desired values, but
> only on the very first invocation after starting the local
> server; on subsequent invocations it doesn't return the entries
> previously found. I have

This is not working the way you intend it because of issues with the
design of slapo-rwm that does not interact smoothly with the glue (see
ITS#3971, it's on my todo list).

One alternative is to put slapo-rwm as a global overlay, so that
rewriting occurs __before__ gluing.  An example is provided in test039,
which does exactly this.

> 
>   database        ldap
>   overlay rwm
>   uri             "ldap://ldap1.example.com/ ldap://ldap2.example.com/"
>   rwm-suffixmassage   "ou=People,dc=other,dc=com"  "ou=People,dc=example,dc=com"
>   suffix          "ou=People,dc=other,dc=com"
>   subordinate
>   rwm-map             attribute uid           *
>   rwm-map             attribute cn            *
>   rwm-map             attribute sn            *
>   rwm-map             attribute givenname     *
>   rwm-map             attribute mail          *
>   rwm-map             attribute telephonenumber *
>   rwm-map             attribute usercertificate;binary *
>   rwm-map             attribute *
>   rwm-map             objectclass person      *
>   rwm-map             objectclass inetorgperson       *
>   rwm-map             objectclass *
>   lastmod         off
>   
>   database        bdb
>   suffix          "dc=other,dc=com"
>   rootdn          "cn=Manager,dc=other,dc=com"
>   ...
> 
> 
> Alternatively, I tried binding the two backends with back-meta as in
> 
>   database        bdb
>   suffix          "dc=other,dc=com"
>   ..
> 
>   database        ldap
>   overlay rwm
>   uri             "ldap://ldap1.example.com/ ldap://ldap2.example.com/"
>   suffix          "dc=example,dc=com"
>   
>   database      meta
>   suffix        "dc=foo,dc=com"
>   overlay rwm
>   
>   uri           "ldap://localhost/dc=other,dc=com"
>   default-target
>   rwm-suffixmassage "dc=foo,dc=com" "dc=other,dc=com"
>   
>   uri           "ldap://localhost/dc=example,dc=com"
>   rwm-suffixmassage "dc=foo,dc=com" "dc=example,dc=com"
> 
> hoping to find the content of both DSA under dc=foo,dc=com, but 
> that doesn't work for me.
> 
> What am I doing wrong? I'd like a single search base (o=anything)
> to find entries under both naming contexts.

You made that faaaaar too complicated, and you don't (yet) need the rwm
with back-meta: rwm capabilities are builtin; an example is provided in
test035, however you may try this:

<slapd.conf>
database        bdb 
suffix          "dc=other,dc=com"
# ...
  
database      meta
suffix        "dc=foo,dc=com"

# remote, with builtin rewrite
uri           "ldap://localhost/ou=People,dc=foo,dc=com"
suffixmassage "ou=People,dc=foo,dc=com" "ou=People,dc=example,dc=com"
map attribute     ...
map objectClass   ...

# local, with builtin rewrite
uri           "ldap://localhost/dc=foo,dc=com"
suffixmassage "dc=foo,dc=com" "dc=example,dc=com"
</slapd.conf>

Anyway, I suggest using back-ldap with global rwm.  All of this will be
simplified, some time.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------