RE: referrals

On Fri, 16 Jan 2004, Howard Chu wrote:

> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac
> > Is it possible for a slave(replica) slapd server to chase referrals?
> > This was not possible in 2.1, but I was wondering if this can be done in
> > 2.2.  I would like for an ldap client to be able to send modify/add
> > queries to slave slapd servers which in turn update the master.
> Yes, if you build slapd with back-ldap you can configure a chaining overlay
> that will chase referrals.
> 	database bdb
> 	suffix o=foo
> 	<back-bdb config directives>
> 	updateref ldap://master
> 	overlay chain
> 	back-ldap config directives:
> 	uri ldap://master
> 	binddn ...
> 	bindpw ...
> Note that since back-ldap only knows how to deal with a single target URI,
> (unlike back-meta, which handles multiple targets) this will only work if all
> your referrals point to the same server. At some point we'll overhaul
> back-ldap and add multiple target functionality to it...

Thanks for the response.  I really need only one target (for one master),
so this should work for me.

> There is no documentation for this feature yet, the code is probably not in
> its final form.  At present, the way it works is by opening a session to the
> remote server, binding with the binddn/bindpw, and executing the operation
> with a proxyAuthz control set to the original user's DN. No DN mapping is
> performed on the user's DN - in this context, the master and slave server are
> supposed to have identical DITs so mapping should not be needed. Obviously
> the binddn must have proxy privileges on the master server.
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support
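
The proxyAuthz control described in the quoted reply, as an added example that is not part of the original thread or of OpenLDAP's code: it BER-encodes and decodes the control the proxy attaches to a chained operation. It assumes the format later standardized in RFC 4370; the DN uid=alice,o=foo and all function names are constructed for illustration.

```python
# Added example: proxied authorization control, format assumed from RFC 4370.
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"

def tlv(tag, content):
    """Encode one BER tag-length-value using definite lengths."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def proxy_authz_control(user_dn):
    """Control ::= SEQUENCE { OID, criticality TRUE, authzId 'dn:<DN>' }."""
    return tlv(0x30, tlv(0x04, PROXY_AUTHZ_OID.encode("ascii"))
               + tlv(0x01, b"\xff")
               + tlv(0x04, ("dn:" + user_dn).encode("utf-8")))

def read_tlv(buf, pos):
    """Decode one TLV at pos; return (tag, content, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):   # LDAP forbids the indefinite form
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_control(raw):
    """Return (oid, critical, authzid) from one encoded Control."""
    tag, seq, end = read_tlv(raw, 0)
    if tag != 0x30 or end != len(raw):
        raise ValueError("expected exactly one SEQUENCE")
    tag, oid, pos = read_tlv(seq, 0)
    critical, authzid = False, None        # criticality DEFAULT FALSE
    while pos < len(seq):
        tag, content, pos = read_tlv(seq, pos)
        if tag == 0x01:
            critical = content != b"\x00"
        elif tag == 0x04:
            authzid = content.decode("utf-8")
    return oid.decode("ascii"), critical, authzid
```

A receiver checking these controls should require criticality TRUE (as RFC 4370 does): a non-critical control may be ignored by a server that does not support it, and the operation would then run with the privileges of the proxy's own binddn rather than the user's.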