
Re: modify dn while replication



> OK, I definitely need to understand the rewrite rules ! because actually
>  I don't really understand the one you sent me :-( , I've just noticed
> from my first test that dn: uid=maisel,ou=people,dc=int-evry,dc=fr was
> rewritten (seen from logs !) to dn:
> uid=maisel-maisel,ou=people,dc=int-evry,dc=fr, which isn't really what I
>  wanted:
>
>> I would like to replicate to a slave, but I need to change the dn.
>> Here's a typical dn from the master:
>> dn: uid=test,ou=People,dc=int-evry,dc=fr
>>
>> The slave should receive dn like this:
>> dn: uid=test-ei0205,ou=People,dc=int-evry,dc=fr
>>
>> the "ei0205" appended here coming from the test user entry attribute:
>> IntEPersUserPTM: ei0205

I must have missed this; then the rule
should look like

rewriteMap  ldap uidMap
    "ldap:///ou=People,dc=int-evry,dc=fr?IntEPersUserPTM?one";
rewriteRule "^(uid=[^,]+)(,.*)$$" "%1-%{uidMap(%1)}%2" ":@I"

the ldap rewriteMap works as follows:
the URI's host, port, naming context and scope
are used as is; the attribute(s) part is used
to select the attribute that is returned;
the filter is represented by the string between
brackets at map invocation; in the example,
by %1 which expands to the "uid=[^,]+" portion
of the regexp.

So, assuming that the filter "(uid=test)"
matches the entry

"id=test-ei0205,ou=People,dc=int-evry,dc=fr"

on the master, and that entry's "IntEPersUserPTM"
attribute contains the value "ei0205", then
the map would return exactly "ei0205"; in the
rightmost part of the rewriteRule, the parts

"uid=test" "-" "ei0205" ",ou=People,dc=int-evry,dc=fr"

are glued together into

"uid=test-ei0205,ou=People,dc=int-evry,dc=fr"

The same process will apply to the DN slurpd
is using to bind to the proxy (in the "replica"
line of the master's slapd.conf), so find out
what it expands to, and use that string as
"updatedn" in the proxy; the same updatedn
will be required at the slave's side.

Otherwise, you may want to intercept that
DN at the proxy side, e.g. use a rule
of the form

rewriteRule "^cn=replicator,ou=people,dc=int-evry,dc=fr$$" "%0" "@"

right before the rewrite rule that expands
the uid.  Maybe this is better for naming
uniformity of administrative entries
between the master and the slave ...

p.

>
> Anyway, I'm far from this now ... , I just want to succeed in rewriting
>  "something" at least :-)
> So again I blindly set my updatedn to:
>
> updatedn  "cn=replicator-replicator,ou=people,dc=int-evry,dc=fr"
>
> Now while adding my new entry , logs on proxy say:
>
> Feb 19 16:22:50 corbeau slapd[9136]: conn=0 op=2 ADD
> dn="uid=maisel,ou=People,dc=int-evry,dc=fr"
> Feb 19 16:22:50 corbeau slapd[9136]: conn=0 op=2 RESULT tag=105 err=53
> text=referral missing

looks like part of the tree does not exist on the
slave, so the slave is informing you that there's
no default referral to return...

You may need to increase the log level to see what
rewrite does; rewrite logging occurs at different
levels, however it is usually prefixed with "[rw]"

>
> either my updatedn is wrong, or I'm facing a new pb ? just let me know
> which way to go , change the rewrite rule, understand rewrite rules !

the latter could be an option, since at some point
you might need to do some more elaborate rewriting :)

> by
>  the way, is there a way to test rules directly ( shell script or ...)
> for debug purpose ?, or things are OK now for rewrite rules, I'm just
> facing a new problem ?

Yes.  In libraries/librewrite there's a "rewrite"
command-line tool:

./rewrite -f rules.conf -r rule1[,rule2[,...]]

rules are executed in sequence.

I'm afraid it parses strings a bit differently
from slapd (I'll have to fix it some time) so you
don't need to double '$' and few other quirks, but
you may not need most of them.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
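
An added example, not part of the original message and not librewrite code: a small Python emulation of the two rules discussed above, useful for checking what a DN (including the replicator bind DN used as updatedn) expands to before touching slapd.conf. The `SAMPLE_PEOPLE` table, the function names, and the treatment of an empty map result as a map error are assumptions of this sketch; the `$$` of slapd.conf is written as a single `$`.

```python
import re

# Constructed stand-in for the one-level search under
# ou=People,dc=int-evry,dc=fr on the master: uid -> IntEPersUserPTM value.
SAMPLE_PEOPLE = {"test": "ei0205"}

def uid_map(ldap_filter):
    """Emulate the ldap rewriteMap: filter string in, attribute value out."""
    attr, _, value = ldap_filter.partition("=")
    if attr.lower() != "uid":
        return None
    return SAMPLE_PEOPLE.get(value.lower())

# (pattern, substitution) pairs in evaluation order. Simplification: every
# rule is applied once and processing stops at the first match ("@").
RULES = [
    (r"^cn=replicator,ou=people,dc=int-evry,dc=fr$", "%0"),
    (r"^(uid=[^,]+)(,.*)$", "%1-%{uidMap(%1)}%2"),
]
TOKEN = re.compile(r"%\{(\w+)\(%(\d)\)\}|%(\d)")

def substitute(template, match, maps):
    """Expand %N submatches and %{map(%N)} invocations in one pass."""
    def expand(tok):
        if tok.group(3) is not None:
            return match.group(int(tok.group(3)))
        value = maps[tok.group(1)](match.group(int(tok.group(2))))
        if value is None:
            raise LookupError("map returned no value")
        return value
    return TOKEN.sub(expand, template)

def rewrite_dn(dn, maps=None):
    """Return the rewritten DN, or the input unchanged if no rule applies."""
    maps = maps or {"uidMap": uid_map}
    for pattern, template in RULES:
        match = re.match(pattern, dn, re.IGNORECASE)
        if match is None:
            continue
        try:
            return substitute(template, match, maps)
        except LookupError:
            continue  # "I" flag: a failed map lookup counts as a missed match
    return dn

if __name__ == "__main__":
    for uid in ("test", "ghost"):
        print(rewrite_dn(f"uid={uid},ou=People,dc=int-evry,dc=fr"))
```
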