
Re: how to extend a remote database with local entries ?



Hi,

Your suggestion indeed seems to work!  I'll be monitoring the system
for lockups, but since there are no self-references from the server to
itself involved, I don't expect problems. Below is the layout of the
working configuration, for future reference.

...
moduleload      back_ldap
moduleload      back_bdb
...
backend         bdb
backend         ldap
...
# bdb backend, configured as a subordinate of the main server
database        bdb
suffix          "dc=SUB,dc=EXAMPLE,dc=COM"
readonly        on
subordinate
...
# ldap backend, with the right DN base
database        ldap
lastmod         off
suffix          "dc=EXAMPLE,dc=COM"
uri             "ldaps://REMOTE_SERVER/"
...

Works like a charm :)  Many thanks to all those that tried to help me
sort out the problem.

Oren.


Dieter Kluenter wrote:
Hi,

Oren Laadan <orenl@cs.columbia.edu> writes:

Hi,

I want to setup a local ldap server for my team that will extend a remote
ldap server (whose database is inaccessible to me and I cannot simply
replicate) with a small number (less than 100) of new (local) entries.
For example, the local server may add entries for new users only in my
team, but also support authentication of all users in the remote server.

I tried to use back-meta, which seems most suitable for merging data
from multiple targets. Assume the DN base is "dc=EXAMPLE,dc=COM",
which is what the clients use.

To set it up, I used the following config snippets:

...
moduleload      back_ldap
moduleload      back_meta
moduleload      back_bdb
...
backend         bdb
backend         meta
...
# bdb backend, with a "local" DN base different than the main one
# not intended to serve clients, but to serve the meta backend only
database        bdb
suffix          "dc=TMP,dc=EXAMPLE,dc=COM"
readonly        on
...
# meta backend, with the right DN base, serving the clients
database        meta
lastmod         off
suffix          "dc=EXAMPLE,dc=COM"
uri             "ldaps://REMOTE_SERVER/dc=EXAMPLE,dc=COM"
uri             "ldaps:///dc=TMP,dc=EXAMPLE,dc=COM"
suffixmassage   "dc=EXAMPLE,dc=COM" "dc=TMP,dc=EXAMPLE,dc=COM"
...

Declare back-bdb as subordinate to back-meta. Something like

database bdb
suffix dc=tmp,dc=example,dc=com
...
subordinate


database meta
suffix dc=example,dc=com
uri ...
uri ...

hehehe... one of these URIs used to point to the server itself, and this is not well supported by OpenLDAP, hence the original problem.



-Dieter
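
Added example, not part of the original messages: a small Python lint for the slapd.conf layout discussed in this thread. It flags a proxy (back-ldap/back-meta) URI that points back at the local server, a database nested under another suffix without "subordinate", and a nested database declared after its superior; the SELF_HOSTS set, the function names and the sample strings are assumptions constructed from the configs above.

```python
from urllib.parse import urlsplit
SELF_HOSTS = {"", "localhost", "127.0.0.1", "::1"}  # assumed spellings of "this server"

def norm_dn(value):
    """Lower-case a DN and drop quotes/spaces so suffixes compare reliably."""
    return ",".join(p.strip() for p in value.strip('"').lower().split(","))

def parse_databases(conf):
    """Return one dict per `database` section, in file order."""
    dbs = []
    for line in conf.splitlines():
        words = line.split(None, 1)
        if not words or words[0].startswith("#"):
            continue
        key, arg = words[0].lower(), (words[1].strip() if len(words) > 1 else "")
        if key == "database":
            dbs.append({"type": arg.lower(), "suffix": "", "sub": False, "uris": []})
        elif dbs and key == "suffix":
            dbs[-1]["suffix"] = norm_dn(arg)
        elif dbs and key == "subordinate":
            dbs[-1]["sub"] = True
        elif dbs and key == "uri":
            dbs[-1]["uris"] += arg.replace('"', "").split()
    return dbs

def lint(conf):
    """Return findings for the glue/proxy layout discussed in the thread."""
    dbs, out = parse_databases(conf), []
    for i, db in enumerate(dbs):
        if db["type"] in ("ldap", "meta"):
            for uri in db["uris"]:
                if (urlsplit(uri).hostname or "") in SELF_HOSTS:
                    out.append(f"{db['suffix']}: proxy URI {uri} points at this server")
        outer = [j for j, o in enumerate(dbs)
                 if j != i and o["suffix"] and db["suffix"].endswith("," + o["suffix"])]
        if outer and not db["sub"]:
            out.append(f"{db['suffix']}: nested in another suffix but not subordinate")
        if any(j < i for j in outer):  # slapd.conf(5): inner suffix must come first
            out.append(f"{db['suffix']}: must be declared before its superior")
    return out

# Constructed inputs: the two layouts from the thread, elided "..." lines dropped.
WORKING = "\n".join(['database bdb', 'suffix "dc=SUB,dc=EXAMPLE,dc=COM"', 'subordinate',
                     'database ldap', 'suffix "dc=EXAMPLE,dc=COM"', 'uri "ldaps://REMOTE_SERVER/"'])
ORIGINAL = "\n".join(['database bdb', 'suffix "dc=TMP,dc=EXAMPLE,dc=COM"', 'database meta',
                      'suffix "dc=EXAMPLE,dc=COM"', 'uri "ldaps://REMOTE_SERVER/dc=EXAMPLE,dc=COM"',
                      'uri "ldaps:///dc=TMP,dc=EXAMPLE,dc=COM"'])
if __name__ == "__main__":
    print(lint(WORKING), lint(ORIGINAL), sep="\n")
```

The working layout produces no findings; the original back-meta layout produces two, one for the non-subordinate nested suffix and one for the host-less "ldaps:///" URI.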