[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-meta hangs (ITS#3058)

>>I remember that sentence (I might have written it myself); the point is
>>that the  mechanism, AFAIR, is quite gross, in that the failover occurs
>>when the connection is first initialized; since back-ldap (I don't recall
>>back-meta) pools connections, if the failure occurs and there's no
>>connection re-init, you're stuck.
> I've tested back-ldap, it does failover very well (at least as well as
> back-meta). When I have multiple target servers in the uri, separated by
> spaces, back-ldap always tries to contact the first one. If it doesn't
> respond, back-ldap retries with the next target. If it finds a working
> target server, it returns the results to the client.
> All this is completely transparent to the client.
> However, since the list of targets for back-ldap is space or
> comma-separated, I have to drop the base DN from uri specification (as
> it contains a comma - it's a DN after all...).

back-ldap doesn't need any DN portion of the URI; actually,
for some time checks were were in place to enforce its absence!

> My setup looks approximately like this (back-ldap is a separate slapd
> instance that listens on port 391):
> -------BEGIN-------
> database        ldap
> suffix          "dc=example,dc=com,o=Organization"
> rootdn    "cn=Manager,dc=example,dc=com,o=Organization"
> rootpw    secret
> uri           "ldap://localhost:389/ ldaps://ldapreplica.example.com"
> # dla starego base DN "o=altkom.com.pl":
> database        ldap
> suffix          "o=altkom.com.pl"
> uri           "ldap://localhost:389/ ldaps://ldapreplica.example.com"
> suffixmassage  "o=example.com" "dc=example,dc=com,o=Organization"
> # for empty base DN:
> database        ldap
> suffix          ""
> uri           "ldap://localhost:389/ ldaps://ldapreplica.example.com"
> rewriteEngine on
> rewriteContext searchBase
> rewriteRule   "$" "dc=example,dc=com,o=Organization" ":"

^^^ this rule is weird, I don't understand it.

Apparently, it maps *** anything *** into
"dc=example,dc=com,o=Organization"; hope it's intended!

If what you want to accomplish is redirect searches
for an unrecognized base to the database serving
"dc=example,dc=com,o=Organization", you may want to have
a look at the "defaultSearchBase" directive in slapd.conf(5);
otherwise, the same effect could be obtained by

rewriteEngine on
rewriteContext searchBase
rewriteRule   ".*" "%0,dc=example,dc=com,o=Organization" ":@"

at the cost of an extra back-ldap processing!


> -------END-------
> Now I have to see whether back-ldap won't exhibit the deadlock problem
> back-meta did... This will require some weeks of stable operation.

Pierangelo Masarati

    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497