
Re: Problems understanding referrals

On Wed, 29 Mar 2000, Williams, Murray Todd wrote:

>  and I want to split the work to two servers so that the actual data looks
> like...
>        SERVER A      SERVER B
>           top          top
>            |            |
>            |            |
>          o=mrk        o=mrk
>          /                \
>         /                  \
>  ou=People             ou=Workstations
> but I want an individual to be able to make an ldapsearch on either server
> and have the response look like the original single-server solution.

If your top and o=mrk entries don't contain any information that you need, you
could achieve this by making the ou=People and ou=Workstations roots of
separate servers and then providing referral entries in the slapd.conf pointing
at the other server. I.e.

         SERVER A                       SERVER B
      ou=People, o=mrk          ou=Workstations, o=mrk

In SERVER A's slapd.conf you would need the following lines:
	suffix		"ou=People, o=mrk"
	referral	ldap://<SERVER B>/ou=Workstations, o=mrk

	suffix		"ou=Workstations, o=mrk"
	referral	ldap://<SERVER A>/ou=People, o=mrk

What this does is allow each server to satisfy requests for queries within its
stated suffix, but sends clients across to the other server for all other

What this doesn't provide for is queries for the o=mrk entry. You may be able
to set up both servers with an o=mrk suffix, duplicate the entry and still
use the referral lines above - but I haven't tried this. Theoretically it
should work...

Another solution is to set up SERVER A to hold top, o=mrk and ou=People and to
add a referral entry in for ou=Workstations. Then configure SERVER B's root to
be ou=Workstations, o=mrk, but set the referral to point at the top of SERVER
A. I.e.

         SERVER A                             SERVER B
            top                        ou=Workstations, o=mrk
         /       \
    ou=People  ou=Workstations

This time, SERVER A's config is:
	suffix		"top"	# Whatever your top entry is
	#	No referral line this time

and for SERVER B:
	suffix		"ou=Workstations, o=mrk"
	referral	ldap://<SERVER A>/top

The ou=Workstations entry in SERVER A will look like:
dn: ref="ldap://<SERVER B>/ou=Workstations,o=mrk, top",ou=Workstations, o=mrk,
objectclass: referral
ref: ldap://<SERVER B>/ou=Workstations,o=mrk, top

In this configuration, queries directed at SERVER A will be satisfied if they
are for the top, o=mrk or ou=People sections of the directory. If SERVER A
receives a query for anything in the ou=Workstations subtree, it will return
the referral entry directing the client to SERVER B.

Conversely, queries directed at SERVER B will only be satisfied if they are for
the ou=Workstations subtree. Any other query is outside that server's tree and
will be passed to SERVER A through the referral entry in the slapd.conf.

> On some of my permutations, I've gotten the message "Partial results and
> referral received" from ldapsearch, and I don't know if it's an error or
> not.  What I want is to be able to say:
> ldapsearch -h "server_b" -b "o=mrk" "cn=somebody,ou=People"

ldapsearch (and the Perl LDAP modules) will follow the above referrals
automatically. You can stop ldapsearch following referrals using the -R flag -
which lets you check what would happen. (Though the PerLDAP and Net::LDAPapi
modules don't seem to support disabling following of referrals).

The problem with your query above is that the filter isn't valid. You need to
do something like:
ldapsearch -h 'server_b' -b 'o=mrk' '(&(cn=somebody)(objectclass=person))'

If you know you want to search for people, you could also use:
ldapsearch -h 'server_b' -b 'ou=People,o=mrk' '(cn=somebody)'

Hope that helps a bit.


  Neil Hunter                                     Tel:    +44 (0)113 234 6073
  Internet Systems Developer                      Fax:    +44 (0)113 234 6065
  Planet Online Limited                           Mobile: +44 (0)7787 100 649
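
Added example (not part of the original message, and not OpenLDAP code): a small Python model of how a client's search is routed in the second layout above, where SERVER A holds a referral entry for ou=Workstations and SERVER B's slapd.conf referral points back at SERVER A. Assumptions: the host names server_a/server_b, o=mrk standing in for SERVER A's top suffix, a client hop limit of 5, and a client that retries with its original base DN rather than any DN carried in the referral URL.

```python
MAX_HOPS = 5  # assumed client-side hop limit; guards against referral loops

def rdns(dn):
    """Split a DN into lowercase RDNs, leaf first."""
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def under(dn, base):
    """True if dn equals base or lies below it in the tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

# Constructed model of the second layout; host names are placeholders and
# "o=mrk" stands in for whatever SERVER A's top entry is.
SERVERS = {
    "server_a": {"suffix": "o=mrk", "default_ref": None,
                 "refs": {"ou=Workstations,o=mrk": "server_b"}},
    "server_b": {"suffix": "ou=Workstations,o=mrk",
                 "default_ref": "server_a", "refs": {}},
}

def chase(start, base_dn, servers=SERVERS):
    """Return (hosts contacted in order, hosts named for follow-up searches)."""
    path, host = [], start
    while True:
        if host in path or len(path) >= MAX_HOPS:
            raise RuntimeError("referral loop: " + " -> ".join(path + [host]))
        path.append(host)
        cfg = servers[host]
        if not under(base_dn, cfg["suffix"]):
            # Base is outside this server's suffix: slapd.conf 'referral' line.
            if cfg["default_ref"] is None:
                raise LookupError("no such object: " + base_dn)
            host = cfg["default_ref"]
            continue
        below = [h for dn, h in cfg["refs"].items() if under(base_dn, dn)]
        if below:
            # Base is at or under a referral entry: client is sent downward.
            host = below[0]
            continue
        # Answered here. Referral entries inside the searched subtree are
        # handed back so the client can continue the search on those hosts.
        return path, [h for dn, h in cfg["refs"].items() if under(dn, base_dn)]

if __name__ == "__main__":
    for start, base in [("server_b", "o=mrk"), ("server_a", "ou=People,o=mrk"),
                        ("server_a", "cn=ws1,ou=Workstations,o=mrk")]:
        print(start, base, "->", chase(start, base))
```

The hop limit and the visited-host check matter when two servers' slapd.conf referral lines point at each other and neither holds the requested base: the client would otherwise bounce between them indefinitely.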