
Re: LDAP Proxy resolution by rewriting in meta-backend

>     Hi Pierangelo,


please stay on the list.

>     Thank you very much for your fast response, so if the behaviour
> described in the slapd-meta(5) man page is still not implemented that
> was the cause of my problem... The sample I sent to the list is a
> simplification of what I really wanted to do, I'll try to explain it to
> you:
>     I have a set of user information distributed in 2 directory servers:
> ldap://localhost:30839, and ldap://localhost:40839. Users are
> identified by an attribute called SearchOn, which is a string with a
> number inside it, this number can finish in 1, or in 2. Users with the
> number finishing in 1 are in ldap://localhost:30839, and users with the
> number finishing in 2 are in ldap://localhost:40389. All the users, in
> both directory servers, are in the same directory branch: "o=company,
> ou=users".
>     Then, what I wanted to do is to use a slapd meta backend to redirect
> the queries about the users to the proper directory server. The
> configuration to do this with the meta would be:
> database    meta
> suffix         "o=company"
> uri             "ldap://localhost:30389/ou=subscribers,o=company";
> uri             "ldap://localhost:40389/ou=subscribers,o=company";
>     But this will always send the request to both directory servers,
> because there's ambiguity, and I wanted for the request to be sent only
> to the proper one, then I read about the LDAP proxy resolution by
> rewriting in the man page, and I thought my solution was there, so I
> tried this:
> database        meta
> suffix          "o=company"
> uri             "ldap://localhost:30389/ou=subscribers,o=company";
> rewriteEngine on
> reWriteContext        searchFilter
> rewriteRule   '(.*)[0-9]*1(.*)' 'ldap://localhost:30389/%0' '@'
> rewriteRule   '(.*)[0-9]*2(.*)' 'ldap://localhost:40389/%0' '@'
>     Of course, this didn't work, because as you said it's still not
> implemented, then I asked why and tried to test some more related
> things... and you know the rest of the history.
>     Do you think there's some way to do what I want by configuring
> properly the meta backend? Again, thank you very much for your help.
>     Kind regards,

What you're trying to do would be pretty easy;

database        meta
suffix          "o=company"

uri             "ldap://localhost:30389/<subcontext,>o=company"

rewriteEngine on
reWriteContext        searchFilter
rewriteRule   '<from>' '<to>' '@'

uri             "ldap://localhost:30489/<subcontext,>o=company"

rewriteEngine on
reWriteContext        searchFilter
rewriteRule   '<from>' '<to>' '@'

It is unclear what you're rewriting to; do you
need to change any part of the naming context?
If you'd be more precise on where the entries
are and what's your entry naming policy I can
be more precise.

Note that determining the exact placement of
an entry based on the content of a non-naming
attribute is too far from the LDAP naming
paradigm even for back meta; I could think of
adding a "filter" portion to the URI, and use
it in selecting the most appropriate target,
but that's really wicked!  Interesting, though.


Pierangelo Masarati
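
An added example, not part of the thread and not OpenLDAP code: a client-side sketch of the "select the target from the filter" idea, next to the two unanchored patterns from the quoted rewriteRule lines. It assumes first-match-wins rule order, uses Python's `re` as a stand-in for POSIX regex, takes the ports from the quoted rules, and uses constructed filters; `route_quoted` and `route_anchored` are hypothetical names.

```python
import re

# Targets as written in the quoted rewriteRule lines.
TARGETS = {"1": "ldap://localhost:30389", "2": "ldap://localhost:40389"}

# The two patterns from the quoted configuration, unchanged (unanchored).
QUOTED_RULES = [(r"(.*)[0-9]*1(.*)", TARGETS["1"]),
                (r"(.*)[0-9]*2(.*)", TARGETS["2"])]

# Equality match on SearchOn whose value ends in a digit; '*' is excluded,
# so substring filters never pin a target.
SEARCHON_EQ = re.compile(r"\(searchon=[^()*\\]*?([0-9])\)", re.IGNORECASE)


def route_quoted(filter_str):
    """Target the quoted patterns would pick, first match wins (assumption)."""
    for pattern, target in QUOTED_RULES:
        if re.search(pattern, filter_str):
            return target
    return None


def route_anchored(filter_str):
    """Targets that must be searched; every target when the filter is ambiguous."""
    everything = sorted(TARGETS.values())
    # OR and NOT can match entries on either server: do not narrow.
    if "(|" in filter_str or "(!" in filter_str:
        return everything
    digits = {m.group(1) for m in SEARCHON_EQ.finditer(filter_str)}
    if not digits or not digits <= set(TARGETS):
        return everything
    return sorted(TARGETS[d] for d in digits)


if __name__ == "__main__":
    # Constructed sample filters.
    for f in ["(SearchOn=user0012)",
              "(&(objectClass=person)(SearchOn=user0041))",
              "(|(SearchOn=a1)(cn=bob))",
              "(uid=adm1n)"]:
        print(f, "| quoted:", route_quoted(f), "| anchored:", route_anchored(f))
```

The value `user0012` ends in 2, yet the first quoted pattern matches it because `(.*)` and `[0-9]*` can both match nothing, leaving a bare `1` anywhere in the filter as the only requirement.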