
Re: Best way to merge two local DITs vs empty search base suffix



> Hello,
>
> We want to update our old OpenLDAP server from 2.1.x to 2.4.x but the
> current configuration does not use a regular suffix (o=foo,c=bar nor
> dc=foo,dc=bar) but uses an empty suffix ("").
>
> We want to move away from the empty suffix as we cannot use cn=monitor or
> any additional suffixes, as they cannot bind when a suffix "" is in use in
> a hdb database:
>
> <suffix> namingContext "o=..." already served by a preceding hdb database serving namingContext ""

Of course, you can't configure a database with non-null suffix after one
with null suffix:

database xxx
suffix ""

database yyy
suffix "cn=non-null"

this is invalid, since "" is more general than anything else.  But you can
always do

database yyy
suffix "cn=non-null"

database xxx
suffix ""

because any DN is less general than "".  Does this solve your problem?

p.

> We still have some old applications which are using an empty search base
> and implicitly query the union of o=A and o=B stored within the same ldbm
> database.
>
> To maintain the backward compatibility we did a meta backend to merge the
> two local DITs under suffix "".
>
> The side effect of the meta backend with ldap://localhost is the increase
> of the number of opened TCP connections to slapd, which are eating
> "thread" connections for "nothing".
> The number of "threads" in use is linked to the number of suffixmassage
> used in the meta backend (2 in our case). We want to try to avoid
> increasing by two the number of threads in use to maintain the backward
> compatibility.
>
> Do you know an alternative way to merge two local DITs without using the
> meta backend?
> Can we use the relay/ldap backend with the rwm overlay instead of using
> the meta backend?
>
> database        meta
> suffix          ""
> uri             "ldap://localhost/o=test1"
> suffixmassage   "o=test1" "o=test1"
> uri             "ldap://localhost/o=test2"
> suffixmassage   "o=test2" "o=test2"
>
>
> Thank you for your help.
>
> Best Regards,
> Guy Baconniere.
>
>
>
> CURRENT CONFIG (slapd 2.1.x)
> suffix ""
> database ldbm
> rootdn "cn=manager"
> directory "/var/lib/ldap"
> # o=test1, o=test2, cn=manager are stored within the same ldbm database
>
> CURRENT LDAPSEARCH  (slapd 2.1.x)
> ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
> dn: o=test1
> dn: o=test2
> dn: cn=manager
>
>
> TEST CONFIG WITH BACKWARD COMPATIBILITY (slapd 2.4.x)
> database hdb
> suffix "o=test1"
> rootdn "cn=admin,dc=test3,dc=com"
> directory "/var/lib/ldap/test1"
> database hdb
> suffix "o=test2"
> rootdn "cn=admin,dc=test3,dc=com"
> directory "/var/lib/ldap/test2"
> database hdb
> suffix "dc=test3,dc=com"
> rootdn "cn=admin,dc=test3,dc=com"
> directory "/var/lib/ldap/dc=test3,dc=com"
> database relay
> suffix "cn=manager"
> overlay rwm
> rwm-rewriteEngine on
> rwm-suffixmassage "cn=manager" "cn=manager,o=admin"
> rwm-normalize-mapped-attrs yes
> database        meta
> suffix          ""
> uri             "ldap://localhost/o=test1"
> suffixmassage   "o=test1" "o=test1"
> uri             "ldap://localhost/o=test2"
> suffixmassage   "o=test2" "o=test2"
>
> LDAPSEARCH WITHOUT META BACKEND (slapd 2.4.x)
> ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
> No such object (32)
>
> LDAPSEARCH WITH META BACKEND (slapd 2.4.x)
> ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
> dn: o=test1
> dn: o=test2
>
> OPENLDAP LOGS SHOWING THE LOCAL CONNECTIONS OF META BACKEND
> slapd[29622]: conn=11 fd=37 ACCEPT from IP=127.0.0.1:33680 (IP=0.0.0.0:389)
> slapd[29622]: conn=11 op=0 BIND dn="" method=128
> slapd[29622]: conn=11 op=0 RESULT tag=97 err=0 text=
> slapd[29622]: conn=11 op=1 SRCH base="" scope=1 deref=0 filter="(objectClass=*)"
> slapd[29622]: conn=11 op=1 SRCH attr=1.1
> slapd[29622]: conn=8 op=3 SRCH base="o=test1" scope=0 deref=0 filter="(objectClass=*)"
> slapd[29622]: conn=8 op=3 SRCH attr=1.1
> slapd[29622]: conn=8 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> slapd[29622]: conn=9 op=3 SRCH base="o=test2" scope=0 deref=0 filter="(objectClass=*)"
> slapd[29622]: conn=9 op=3 SRCH attr=1.1
> slapd[29622]: conn=9 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> slapd[29622]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
> slapd[29622]: conn=11 op=2 UNBIND
> slapd[29622]: conn=11 fd=37 closed
>
>
>
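
Added example, not part of the original message or of OpenLDAP: a small Python check for the ordering rule described in the reply, run over constructed slapd.conf fragments. It generalises the "" case to any suffix that equals or lies below one declared by an earlier database; the function names and the simplified DN comparison are assumptions of this sketch.

```python
import shlex

def parse_suffixes(conf_text):
    """Return [(db_index, backend, suffix)] in file order from slapd.conf text."""
    out, db_index, backend = [], -1, None
    for raw in conf_text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles "" and # comments
        if not tokens:
            continue
        key = tokens[0].lower()
        if key == "database" and len(tokens) > 1:
            db_index, backend = db_index + 1, tokens[1]
        elif key == "suffix" and len(tokens) > 1 and db_index >= 0:
            out.append((db_index, backend, tokens[1]))
    return out

def norm_dn(dn):
    # Simplification: split on ',' and lowercase; escaped commas are not handled.
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def is_under(dn, ancestor):
    """True if dn equals or lies below ancestor; the "" suffix covers every DN."""
    d, a = norm_dn(dn), norm_dn(ancestor)
    return len(a) <= len(d) and d[len(d) - len(a):] == a

def shadowed_suffixes(conf_text):
    """Return (suffix, backend, earlier_suffix, earlier_backend) for each clash."""
    seen, problems = [], []
    for idx, backend, suffix in parse_suffixes(conf_text):
        for e_idx, e_backend, e_suffix in seen:
            if e_idx != idx and is_under(suffix, e_suffix):
                problems.append((suffix, backend, e_suffix, e_backend))
                break
        seen.append((idx, backend, suffix))
    return problems

# Constructed sample configs following the two orderings in the reply.
BAD = 'database hdb\nsuffix ""\n\ndatabase hdb\nsuffix "o=test1"\n'
GOOD = ('database hdb\nsuffix "o=test1"\n\ndatabase hdb\nsuffix "o=test2"\n\n'
        'database hdb\nsuffix ""\n')

if __name__ == "__main__":
    for name, conf in (("BAD", BAD), ("GOOD", GOOD)):
        for sfx, be, esfx, ebe in shadowed_suffixes(conf):
            print(f'{name}: "{sfx}" ({be}) already served by preceding '
                  f'{ebe} database serving "{esfx}"')
        if not shadowed_suffixes(conf):
            print(f"{name}: suffix order is valid")
```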