[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Client not getting reply from slapd-ldap proxy



Pierangelo Masarati wrote:
On Thu, 2006-01-19 at 17:08 -0500, Joshua Myles wrote:

Apparently, the proxy doesn't know about "foobarUniqueIdentifier" and
thus DN normalization fails. You should extend the proxy schema with
those items it's intended to proxy. Note that OpenLDAP 2.3 contains
some provisions to automatically extend the schema of proxied data;
apparently, you're not doing things in the "right" sequence (for
example, if a previous operation returned "foobarUniqueIdentifier", it
would have made it into the "proxied" attrs set, and it would have been
"blindly" accepted in DN normalization; however this is sort of a
workaround. The best solution is to extend the schema of the proxy.



[advertisement: SysNet developed custom tools to do this automatically
from flat file or from remote server, one-shot or periodically; they
also fix known flaws and issues in third party and older OpenLDAP DSA
schemas].

I suppose we could make back-ldap read the remote servers subschemasubentry at startup time, or something, and import any schema definitions that didn't clash with local ones.


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/