Re: LDAP Proxy resolution by rewriting in meta-backend
> Hi all,
> I'm new to OpenLDAP, and I would like to know if someone can clarify
> for me how the LDAP Proxy resolution works in the meta and ldap backends. As
> you can read in the slapd-meta man page, this can be used to initiate
> operations in remote hosts, by using the rewriteRules, but I've tried to
> use it and it doesn't work for me, so I suppose I'm not configuring it
> properly, or I'm not understanding how it really works.
> I've the following configuration (in slapd.conf) for the meta
> database meta
> suffix "o=company"
> uri "ldap://localhost:30389/ou=subscribers,o=company"
> rewriteEngine on
> rewriteContext searchBase
> rewriteRule '.*' 'ldap://localhost:40389/%0' '@'
> And then I do the following search:
> ldapsearch -H ldap://localhost:20389 -x -b "o=company" SearchOn="yes"
> As far as I understand, this should go to the target specified in
> the configuration file, and there the rewriting rules should apply, so
> the operation must be redirected to ldap://localhost:40389. Is it that
> way, or am I missing something? The thing is that it's not working as
> I expect, and the query is received by the server
> ldap://localhost:30839... so it seems the rewriting rules are being
The rewrite rule you're writing is not correct
in the sense that the behaviour you expect is
not supported (yet), but it is marked in the
slapd-meta(5) man page as an expected evolution
of the rewrite engine (I need to remove it; that
sentence was intended for a white paper on
rewriting, not for a man page). It is unclear,
though, what you intend to obtain. If all you
want is for back-meta to contact "localhost:40389"
instead of "localhost:40389", all you need to do
is set "uri ldap://localhost:40389" instead of
the one you're using. If you want it to contact
another host only for searches, then there's
very little you can do (and I don't presently
see any reason to do it; am I missing anything?)