[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Problem with slapd-meta

I have five branches in my meta directory. I mentioned only one to simplify
the message.

The client begins every search (whatever the search criteria) with this
request :
Oct 29 19:34:22 localhost slapd[2181]: conn=14 op=1 SRCH
base="o=mydomain,c=fr" scope=0 deref=0 filter="(objectClass=*)" 
Oct 29 19:34:22 localhost slapd[2181]: conn=14 op=1 SRCH attr=objectClass 

In a meta drirectory, this cannot works. Accordind to the "man" : The only
operation that may resolve to multiple targets is a search with scope at
least "one", which results in spawning searches to the targets.

I am looking for a work-around. I have tested all possibilities for several
days, in vain. 



-----Message d'origine-----
De : Pierangelo Masarati [mailto:ando@sys-net.it] 
Envoyé : dimanche 29 octobre 2006 17:13
À : Dominique VOLPE
Cc : openldap-software@openldap.org
Objet : Re: Problem with slapd-meta

Dominique VOLPE wrote:
> Hi,
> I try to install a meta directory.
> My slapd.conf looks like that :
> database        meta
> suffix          "o=mydomain,c=fr"
> rootdn          "cn=Manager,o=mydomain,c=fr"
> rootpw          secret
> lastmod         off
> uri             "ldap://xxxxx/ou=persons,o=mydomain,c=fr";
> suffixmassage   "ou=persons,o=mydomain,c=fr" "ou=org1,o=mydomain,c=fr"
> When I search an address whith my email client, I can see in the log :
> conn=5 op=1 SRCH base="o=mydomain,c=fr" scope=0 deref=0 
> filter="(objectClass=*)"
> conn=5 op=1 SRCH attr=objectClass
> daemon: select: listen=6 active_threads=0 tvp=NULL
> daemon: select: listen=7 active_threads=0 tvp=NULL request 1 done
> conn=5 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
> It tries to list all objectclasses, but it uses the scope "base" 
> (scope=0) instead of "sub" (scope=2).
> Thus, it produces an error.
> Has anybody already met this problem and did find a solution?
> I think I could do it with rewrite rules, but I didn't find how to 
> substitute the scope.
The scope of a search is automatically handled by slapd-meta to deal with
matching the request with what the targets are supposed to handle, there's
no way you can explicitly modify the scope of asearch.  However, your issue
occurs well before any rewriting takes place.

In your slapd.conf you configure the meta database so that it can handle
requests in the "o=mydomain,c=fr" naming context; then, you configure the
only target in a manner that it can only deal with requests in the
"ou=persons,o=mydomain,c=fr" branch of that naming context.  As the client
searches for "o=mydomain,c=fr" with a scope of "base", it means that the
client really wants only that very entry, which your meta database can't
answer.  Either you configure the target so that it can return that very
entry, or you configure your client to request what the database can
actually return.


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it