[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: back-ldap with glue overlay

There's already an ITS filed about the glue overlay, it prevents any other overlays underneath it from executing on the most-superior database.
(ITS#4323 IIRC)

Until that's fixed, you might see if using a relay database can get around the problem.

Eric Irrgang wrote:
I have an LDAP server that gets most of its data remotely but stores some

database        ldif
suffix          "ou=groups,dc=foo"
directory       /var/ldap/groups

database        ldap
suffix          "dc=foo"
uri             "ldaps://otherserver:636/"
overlay         rwm
rwm-suffixmassage "dc=foo"      "dc=other"

If I do a search with a base of ou=people,dc=foo it gets proxied and a
search base of ou=groups,dc=foo hits the local ldif backend.

I would like to be able to use a search base of dc=foo and have searches
go to both backends, but if I add 'subordinate' in the ldif backend
definition, the ldap backend stops working because the search base stops
getting translated by the rwm overlay and searches still aren't propagated
to the ldif backend.

Can the glue overlay be used with an ldap backend as the superior
database?  If not, any other suggestions?  Could I define the ldap backedn
with multiple suffixes (one for each of the first-level branches) and then
glue both databases into a superior one that supports the glue overlay?

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/