[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem binding two naming contexts

To: Jan-Piet Mens <jpm@retail-sc.com>
Subject: Re: Problem binding two naming contexts
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 23 Nov 2005 14:25:54 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20051123125208.GA28213@m1.intdus.retail-sc.com>
References: <20051122093031.GA620@m1.intdus.retail-sc.com> <1132676047.9350.5.camel@ando> <20051123100802.GA11837@m1.intdus.retail-sc.com> <1132742973.3347.27.camel@ando> <20051123125208.GA28213@m1.intdus.retail-sc.com>

On Wed, 2005-11-23 at 13:52 +0100, Jan-Piet Mens wrote:
> On Wed Nov 23 2005 at 11:49:33 CET, Pierangelo Masarati wrote:
> 
> > In your very case:
> > 
> > <slapd.conf>
> > database	bdb
> > suffix		"o=RSC"
> > 
> > database	meta
> > suffix		"dc=virtual"
> > # ... uri #0
> > uri		"ldap://localhost/ou=People,dc=virtual";
> > suffixmassage	"ou=People,dc=virtual" "ou=People,dc=retail"
> > # ... uri #1
> > uri		"ldap://localhost/dc=virtual";
> > suffixmassage	"dc=virtual" "o=RSC"
> > </slapd.conf>
> > 
> 
> Thank you! That worked. I notice that binds on
> uid=xx,ou=rsc,dc=virtual always work (i.e. they don't seem to be
> checked on the target server); is that correct and/or can it
> be changed?

No, it's not.  Please make sure you're not missing anything, post the
logs (at "stats") of the remote and the proxy servers.  If the problem
is confirmed, you should file an ITS.

> 
> Furthermore, upon searching for sn=mens for example, only the 
> results from the first URI are returned. Can that be changed
> to include all results of all uri?

All should.  Again, please post logs for both the remote server and the
proxy (now at "stats" + "stats2").

> 
> > As I said in my previous posting, you may still use gluing for a totally
> > different setup this way:
> > 
> > <slapd.conf>
> > # global overlay: goes before any database
> > overlay			rwm
> > rwm-suffixmassage	"ou=People,o=RSC" "ou=People,dc=retail"
> > 
> > # first database: proxy for people; gets rewritten
> > database		ldap
> > suffix			"ou=People,o=RSC"
> > subordinate
> > uri			"ldap://localhost";
> > 
> > # main database: does not get rewritten
> > # because rwm-suffixmassage rule does not match
> > database		bdb
> > suffix			"o=RSC"
> > </slapd.conf>
> 
> This doesn't work for me. I see on the target server, that the
> original naming context is searched for (in the example above
> the target server is getting "ou=People,o=RSC"). 

Sorry, I got confused.  In fact, locally the databases see all the DN
rewritten; so you should have everything rewritten; I don't think this
can be done yet.  Stay with the other approach and please report about
the issues we discussed above.  Try to deal with each of them
separately, so please don't intermix the bind and the search logs.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

Follow-Ups:
- Re: Problem binding two naming contexts
  - From: Jan-Piet Mens <jpm@retail-sc.com>

References:
- Problem binding two naming contexts
  - From: Jan-Piet Mens <jpm@retail-sc.com>
- Re: Problem binding two naming contexts
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: Problem binding two naming contexts
  - From: Jan-Piet Mens <jpm@retail-sc.com>
- Re: Problem binding two naming contexts
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: Problem binding two naming contexts
  - From: Jan-Piet Mens <jpm@retail-sc.com>

Prev by Date: Re: Problem binding two naming contexts
Next by Date: Ldapadd or Ldapmodify without ldif file
Index(es):
- Chronological
- Thread