[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Meta to Ldap loopback not working.

On Wed, 2005-12-21 at 12:32 -0500, Matthew Stier wrote:

> I tried the options you suggested, it simplied complained it didn't
> know what the arguments meant.

You mean

idassert-authzfrom "dn:.*"

this is supported since 2.3 is out; only, it's not required (at least in
2.3.12-13) as it should to let anonymous connections be asserted.  It
will since 2.3.14.

> 
> However, I have solved the problem. I stumbled across a referernce to
> 'threads', and check my configuration script, and found that I had
> turned them off, as part of a debug session for an earlier release of
> OpenLDAP.  I commented out the 'threads' option, and let 'configure'
> figure it out automatically, and loopback is now operating.

OK, that's essentially ITS#4141
<http://www.openldap.org/its/index.cgi/Build?id=4141>: proxy backends
need threads when looping back because essentially each call is turned
into spawning one extra thread per connection, and the active thread
pool is limited by the "threads" directive.

This should be noted in slapd-ldap(5) and slapd-meta(5); I'll fix them.

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------