[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: backend relay with empty suffix



Nikos Voutsinas wrote:
> Let me refer to the following case, hoping that this will help to spot
> all possible side effects resulted from the usage of empty suffixes.
> 
> Using a configuration like the one below, searches for
> attr=hasSubordinates against the ldap backend as 'uid=<uid>,ou=People',
> fail because searchDN is rewritten to:
> 
> [rw] searchDN: "ou=People" -> "ou=People,dc=contacts,dc=uoa,dc=gr"
> 
> 
> database        bdb
> suffix          "dc=contacts,dc=foo,dc=bar"
> .....
> .....
> database                ldap
> suffix                  "ou=People"
> overlay                 rwm
> rwm-suffixmassage       "ou=People,dc=foo,dc=bar"
> uri                     "ldap://server.foo.bar";
> ......
> ......
> database        relay
> suffix          ""
> relay           "dc=contacts,dc=foo,dc=bar" massage

Either I didn't get what you're trying to do, or you didn't explain it
clearly enough.  All I can do right now is try to explain what the above
configuration is supposed to do.

The above configuration serves 3 naming contexts:

1) "dc=contacts,dc=foo,dc=bar" is directly served by the local bdb

2) "ou=People" is directly served by the ldap proxy, by redirecting
requests whose DN ends in "ou=People" to the remote server
"server.foo.bar" after appending them the suffix "dc=foo,dc=bar"

3) any other request is served by the relay database, which appends to
the request DN the suffix "dc=contacts,dc=foo,dc=bar"; so any request is
actually mapped on the naming context of the local bdb.

I've tried the above configuration with HEAD code and with re23 code
(with those small fixes I had to introduce to avoid the core dump when
selecting a NULL dn; those have not been committed yet, sorry), and it
behaves as I explained (binds, searches, writes), so there appears to be
no bug.

Of course, if this is not the behavior you expect, you should try to
clarify it a bit further, so that better directions about configuring
slapd appropriately can follow.

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------