[Date Prev][Date Next]
Re: back-ldap with glue overlay
I had some fun with this a while back. Lots of syntax that you think would
work (and likely will work with better rwm/glue interaction) eventually
run into one ITS or another like Howard noted below. I don't remember
getting anywhere useful with back-relay. In the end, the simplest config
was the one that worked:
which is the best I can come up with, although I'd appreciate revisions. I
should note it works fine for many days and then stops, at which point I
run into ITS#4409/4429/etc. (One of my colleagues thinks it might be
On Sat, 18 Mar 2006, Howard Chu wrote:
> There's already an ITS filed about the glue overlay, it prevents any
> other overlays underneath it from executing on the most-superior database.
> (ITS#4323 IIRC)
> Until that's fixed, you might see if using a relay database can get
> around the problem.
> Eric Irrgang wrote:
> > I have an LDAP server that gets most of its data remotely but stores some
> > internally:
> > database ldif
> > suffix "ou=groups,dc=foo"
> > directory /var/ldap/groups
> > database ldap
> > suffix "dc=foo"
> > uri "ldaps://otherserver:636/"
> > overlay rwm
> > rwm-suffixmassage "dc=foo" "dc=other"
> > If I do a search with a base of ou=people,dc=foo it gets proxied and a
> > search base of ou=groups,dc=foo hits the local ldif backend.
> > I would like to be able to use a search base of dc=foo and have searches
> > go to both backends, but if I add 'subordinate' in the ldif backend
> > definition, the ldap backend stops working because the search base stops
> > getting translated by the rwm overlay and searches still aren't propagated
> > to the ldif backend.
> > Can the glue overlay be used with an ldap backend as the superior
> > database? If not, any other suggestions? Could I define the ldap backedn
> > with multiple suffixes (one for each of the first-level branches) and then
> > glue both databases into a superior one that supports the glue overlay?