Re: ldap proxy resolution by rewriting in meta-backend
Thanks a lot for your answer.
I tried to have three "database ldap" and a database relay that would
direct to only one, depending on the search filter.
But I can't manage to quit the "database relay" paragraph when the
condition ".*-b" or "*-c" matches.
For example, if "uid=toto-b", it should search through
"ou=b,ou=mysociety", i.e. via the second "database ldap", but in spite
of the ":@", it also does the following "suffixmassage" so the search
base in every case is "ou=a,ou=mysociety".
Also the part beginning with "overlay rwm" and ending with
"rwm-rewriteContext default" doesn't seem to make any difference.
My slapd.conf looks like:
database relay
suffix "ou=virtual,ou=mysociety"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchFilter
rwm-suffixmassage ou=b,ou=mysociety
rwm-rewriteRule "(.*-b\))" "%1,ou=divers,ou=b,ou=mysociety" ":@"
rwm-suffixmassage "ou=b,ou=mysociety" "ou=c,ou=mysociety"
#rwm-rewriteRule "ou=b,ou=mysociety" "ou=c,ou=mysociety"
rwm-rewriteRule "(.*-dgi\))" "%1,ou=personnes,ou=c,ou=mysociety" ":@"
rwm-suffixmassage "ou=c,ou=mysociety" "ou=a,ou=mysociety"
#rwm-rewriteRule "ou=c,ou=mysociety" "ou=a,ou=mysociety"
database ldap
suffix ou=a,ou=mysociety
rebind-as-user
uri ldap://127.0.0.1:390
database ldap
uri ldap://127.0.0.1:391
suffix "ou=b,ou=mysociety"
rebind-as-user
#overlay rwm
#rwm-rewriteEngine on
#rwm-rewriteContext searchFilter
#rwm-rewriteRule "^(.+),ou=b,ou=mysociety,c=fr$" "$1" ":@"
#rwm-rewriteContext default
database ldap
uri ldap://10.127.0.0.1:392
suffix "ou=c,ou=mysociety"
rebind-as-user
Pierangelo Masarati wrote:
yamina wrote:
Hello,
I want to use the "LDAP Proxy resolution" mode related in the
"slapd-meta" man but I don't manage to make it work.
I wonder if it is implemented yet because I saw a message dated Fri, 16
Jan 2004 17:09:10 +0100 in which the same problem is not solved.
That man page is a copy and paste from a white paper. That feature is
a TODO and should be removed from the man page.
You might be able to obtain something like that by using a proxy that
statically maps a given subtree to a given server. Something like
database relay
suffix "dc=virtual"
overlay rwm
...
rwm rules that rewrite the base DN of a search based on the contents
of the filter (not a trivial rule, though) to a temporary DN like
(uid=*-b) -> $BASEDN,dc=server1
(uid=*-c) -> $BASEDN,dc=server2
...
Then add
database ldap
suffix "dc=server1"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchDN
rwm-rewriteRule "^(.+),dc=server1$" "$1" "@:"
rwm-rewriteContext default
database ldap
suffix "dc=server2"
overlay rwm
rwm-rewriteEngine on
rwm-rewriteContext searchDN
rwm-rewriteRule "^(.+),dc=server2$" "$1" "@:"
rwm-rewriteContext default
...
and so on. The whole thing may need quite a bit of shakedown, and is
going to be far from efficient, though.
p.
--
Regards,
Yamina SIROT
PAMELA team
0437918949