[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-ldap with glue overlay

To: Eric Irrgang <erici@motown.cc.utexas.edu>
Subject: Re: back-ldap with glue overlay
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Mon, 20 Mar 2006 16:53:47 -0500 (EST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <441BC3E3.20806@symas.com>
References: <Pine.GSO.4.58.0603161648360.17525@grapevine.cc.utexas.edu> <441BC3E3.20806@symas.com>

I had some fun with this a while back. Lots of syntax that you think would
work (and likely will work with better rwm/glue interaction) eventually
run into one ITS or another like Howard noted below. I don't remember
getting anywhere useful with back-relay. In the end, the simplest config
was the one that worked:

database hdb
subordinate
suffix "ou=local,dc=example,dc=com"

database ldap
suffix "dc=example,dc=com"


which is the best I can come up with, although I'd appreciate revisions. I
should note it works fine for many days and then stops, at which point I
run into ITS#4409/4429/etc. (One of my colleagues thinks it might be
stress related.)

On Sat, 18 Mar 2006, Howard Chu wrote:

> There's already an ITS filed about the glue overlay, it prevents any
> other overlays underneath it from executing on the most-superior database.
> (ITS#4323 IIRC)
>
> Until that's fixed, you might see if using a relay database can get
> around the problem.
>
> Eric Irrgang wrote:
> > I have an LDAP server that gets most of its data remotely but stores some
> > internally:
> >
> > database        ldif
> > suffix          "ou=groups,dc=foo"
> > directory       /var/ldap/groups
> >
> > database        ldap
> > suffix          "dc=foo"
> > uri             "ldaps://otherserver:636/"
> > overlay         rwm
> > rwm-suffixmassage "dc=foo"      "dc=other"
> >
> > If I do a search with a base of ou=people,dc=foo it gets proxied and a
> > search base of ou=groups,dc=foo hits the local ldif backend.
> >
> > I would like to be able to use a search base of dc=foo and have searches
> > go to both backends, but if I add 'subordinate' in the ldif backend
> > definition, the ldap backend stops working because the search base stops
> > getting translated by the rwm overlay and searches still aren't propagated
> > to the ldif backend.
> >
> > Can the glue overlay be used with an ldap backend as the superior
> > database?  If not, any other suggestions?  Could I define the ldap backedn
> > with multiple suffixes (one for each of the first-level branches) and then
> > glue both databases into a superior one that supports the glue overlay?
> >
> >

Follow-Ups:
- Re: back-ldap with glue overlay
  - From: Eric Irrgang <erici@motown.cc.utexas.edu>

References:
- back-ldap with glue overlay
  - From: Eric Irrgang <erici@motown.cc.utexas.edu>
- Re: back-ldap with glue overlay
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: updateref not working
Next by Date: Re: updateref not working
Index(es):
- Chronological
- Thread