[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Online config, delta syncrepl and overlay chain



Dieter Kluenter wrote:
Christian Roessner<christian@roessner-net.com>  writes:

Hi Dieter,

This depends :-)
But in most cases the overlays are an extension to a specific database
declaration

Ok, I have added it to the htb-part:

DN: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcChainConfig
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: top
olcOverlay: {0}chain

overlay chain
chain-uri ldap://foo/
chain-idassert-bind bindmethod=simple
                     binddn="..." credentials="..."
                     mode=self
                     flags=non-prescriptive
chain-rebind-as-user true
chain-return-error true

My problem is that I can not find the corresponding old-attributes. I
only could set:

olcChainCacheURI
olcChainMaxReferralDepth
olcChainReturnError
olcChainingBehavior

So, what have I done wrong?

There is nothing wrong. The chain overlay is derived from back-ldap,
that is, only attributes unknown to back-ldap, are specific to chain
overlay.
ldapsearch [-Y external -H ldapi:///]-b "cn=subschema" -s base + | grep
-A4 'olcLDAPConfig'
will show the missing attributes. But as man slapo-chain(5) mentions,
an extension of chain- will distinguish from other configuration
parameters. If this applies to cn=config related attributes I don't
know, as I don't have a chained replication setup. Others may answer
to this.

Under the covers, the chain overlay creates a private back-ldap instance. For dynamically adding with cn=config, you have to create this instance yourself. See the later section of test022-ppolicy in the test suite for an example of how this is done.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/