Full_Name: Bastien Bonnefon Version: 2.4.39 OS: CentOS 7 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (194.2.202.93) Hi, I have installed openldap as meta directory to request multiple Active Directory. I have managed to install and make it work with dynamic configuration or slapd.conf. But one of the applications accessing the directory needs paged results due to the large amount of entries returned. So I've searched and found the directive "client-pr", which seems to have been enabled since this case : http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=6664;page=4 The directive is also dcribibed in the slapd-meta man page : http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html However, enabling the feature in slapd.conf (I just can't in olc format) doesn't work. Syslog shows this : "unknown directive <client-pr> inside backend database definition" I've started testing with CentOS 7 and package openldap 2.4.39 I've then tried with Debian Wheezy and Ubuntu 14.04 (package slapd 2.4.31) I've also tried installing openldap from the source with the version 2.4.24 (client-pr should have been enabled in this version due to ITS#6664) => no way :/ I think I've declared the directive as specified in the man page but maybe I miss something. I have not found any other report on the web on how to use "client-pr". Thank you for your help. Here is my slapd.conf # Include include /etc/ldap/schema/core.schema include /etc/ldap/schema/cosine.schema include /etc/ldap/schema/inetorgperson.schema include /etc/ldap/schema/nis.schema pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args # Modules moduleload back_ldap.la moduleload back_meta.la # Database meta database meta suffix "dc=meta,dc=local" rootdn "cn=Manager,dc=meta,dc=local" rootpw secret_password1 # First directory uri "ldap://192.168.0.1/ou=test1,dc=meta,dc=local" client-pr accept-unsolicited lastmod off suffixmassage "ou=test1,dc=meta,dc=local" "dc=test1,dc=local" idassert-bind bimemethod=simple binddn="cn=openldap,OU=users,OU=TEST,dc=test1,dc=local" credentials="secret_password2" mode=none flags=non-prescriptive idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local" chase-referrals no acl-authcDN cn=openldap,OU=users,OU=TEST,dc=test1,dc=local acl-passwd secret_password2 # Second Directory uri "ldap://192.168.0.2/ou=test2,dc=meta,dc=local" client-pr accept-unsolicited lastmod off suffixmassage "ou=test2,dc=meta,dc=local" ,%c=test2,dc=local" idassert-bind bindmethod=simple binddn="cn=openldap,OU=users,OU=TEST,dc=test2,dc=local" credentials="secret_password3" mode=none flags=non-prescriptive idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local" chase-referrals no acl-authcDN "cn=openldap,OU=users,OU=TEST,dc=test2,dc=local" acl-passwd secret_password3 idletimeout 1800
kenel.bastoon@gmail.com wrote: > Full_Name: Bastien Bonnefon > Version: 2.4.39 > OS: CentOS 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.2.202.93) > > > Hi, > > I have installed openldap as meta directory to request multiple Active > Directory. > I have managed to install and make it work with dynamic configuration or > slapd.conf. > But one of the applications accessing the directory needs paged results due to > the large amount of entries returned. > > So I've searched and found the directive "client-pr", which seems to have been > enabled since this case : > http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=6664;page=4 > > The directive is also dcribibed in the slapd-meta man page : > http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html Looking at the ITS history, it appears that this code was released in January 2011 but in fact, the released code is not actually enabled. (It is behind an #ifdef LDAP_DEVEL mask.) Most likely a mistake was made in releasing it at that time, since I see no actual test feedback in the ITS. If you want to test this you will have to compile back-meta yourself, and edit back-meta.h to make sure SLAPD_META_CLIENT_PR gets defined instead of being hidden. Please then send your test results as a followup to ITS#6664. > However, enabling the feature in slapd.conf (I just can't in olc format) doesn't > work. Syslog shows this : > "unknown directive <client-pr> inside backend database definition" > > I've started testing with CentOS 7 and package openldap 2.4.39 > I've then tried with Debian Wheezy and Ubuntu 14.04 (package slapd 2.4.31) > I've also tried installing openldap from the source with the version 2.4.24 > (client-pr should have been enabled in this version due to ITS#6664) => no way > :/ > > I think I've declared the directive as specified in the man page but maybe I > miss something. I have not found any other report on the web on how to use > "client-pr". > Thank you for your help. > > > Here is my slapd.conf > > # Include > include /etc/ldap/schema/core.schema > include /etc/ldap/schema/cosine.schema > include /etc/ldap/schema/inetorgperson.schema > include /etc/ldap/schema/nis.schema > > pidfile /var/run/slapd/slapd.pid > argsfile /var/run/slapd/slapd.args > > # Modules > moduleload back_ldap.la > moduleload back_meta.la > > # Database meta > database meta > suffix "dc=meta,dc=local" > > rootdn "cn=Manager,dc=meta,dc=local" > rootpw secret_password1 > > # First directory > uri "ldap://192.168.0.1/ou=test1,dc=meta,dc=local" > client-pr accept-unsolicited > lastmod off > suffixmassage "ou=test1,dc=meta,dc=local" "dc=test1,dc=local" > idassert-bind bimemethod=simple > binddn="cn=openldap,OU=users,OU=TEST,dc=test1,dc=local" > credentials="secret_password2" > mode=none > flags=non-prescriptive > idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local" > chase-referrals no > acl-authcDN cn=openldap,OU=users,OU=TEST,dc=test1,dc=local > acl-passwd secret_password2 > > # Second Directory > uri "ldap://192.168.0.2/ou=test2,dc=meta,dc=local" > client-pr accept-unsolicited > lastmod off > suffixmassage "ou=test2,dc=meta,dc=local" ,%c=test2,dc=local" > idassert-bind bindmethod=simple > binddn="cn=openldap,OU=users,OU=TEST,dc=test2,dc=local" > credentials="secret_password3" > mode=none > flags=non-prescriptive > idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local" > chase-referrals no > acl-authcDN "cn=openldap,OU=users,OU=TEST,dc=test2,dc=local" > acl-passwd secret_password3 > > > idletimeout 1800 > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Thank you for your reply. I will follow your suggestion. As my case is not urgent, I'll send comments to ITS#6664 when I'll have time to test more in depth. Regards
Actually only enabled for RE25.