[Date Prev][Date Next]
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac
> Is it possible for a slave(replica) slapd server to chase referrals?
> This was not possible in 2.1, but I was wondering if this can be done in
> 2.2. I would like for an ldap client to be able to send modify/add
> queries to slave slapd servers which in turn update the master.
Yes, if you build slapd with back-ldap you can configure a chaining overlay
that will chase referrals.
<back-bdb config directives>
back-ldap config directives:
Note that since back-ldap only knows how to deal with a single target URI,
(unlike back-meta, which handles multiple targets) this will only work if all
your referrals point to the same server. At some point we'll overhaul
back-ldap and add multiple target functionality to it...
There is no documentation for this feature yet, the code is probably not in
its final form. At present, the way it works is by opening a session to the
remote server, binding with the binddn/bindpw, and executing the operation
with a proxyAuthz control set to the original user's DN. No DN mapping is
performed on the user's DN - in this context, the master and slave server are
supposed to have identical DITs so mapping should not be needed. Obviously
the binddn must have proxy privileges on the master server.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support