
Re: Merging databases with translucent



On 2016-01-11 12:52, M. P. wrote:
On 2016-01-08 11:48, M. P. wrote:
Hi,

We are in the process of merging data from a remote database to a local
database. The two databases have the same base dn. To ease this
process, I thought of a way to make a union of the remote database
and the local database until the remote data are merged into the local
database. From my reading I found this thread
http://thread.gmane.org/gmane.network.openldap.technical/11893 that is
something that corresponds, I think, to what I want.

The practical part is done on a debian jessie 8.2 with openldap
2.4.40+dfsg-1+deb8u1 version. The local database definition is like
this.

# Entry 1: olcDatabase={2}mdb,cn=config
dn: olcDatabase={2}mdb,cn=config
objectclass: olcDatabaseConfig
objectclass: olcMdbConfig
olcaccess: ...
olcdatabase: {2}mdb
olcdbdirectory: /var/lib/ldap/base_dn
olcdbindex: ...
olcdbmaxsize: 104857600
olclimits: ...
olcrootdn: cn=admin,dc=base,dc=dn
olcrootpw: {SSHA}.......
olcsuffix: dc=base,dc=dn
olcsyncrepl: ...
olcupdateref: ldap://master.ldap.server/

To this database definition I have added this part to make translucent work.

# ldapadd -Y EXTERNAL -H ldapi:/// << EOF
dn: olcOverlay=translucent,olcDatabase={2}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcTranslucentConfig
objectClass: top
olcOverlay: translucent
EOF

# ldapadd -Y EXTERNAL -H ldapi:/// << EOF
dn: olcDatabase=ldap,olcOverlay={3}translucent,olcDatabase={2}mdb,cn=config
objectClass: olcConfig
objectClass: olcLDAPConfig
objectClass: olcTranslucentDatabase
objectClass: olcDatabaseConfig
olcDbURI: ldap://remote-ldap.server
olcDbIDAssertBind: bindmethod="simple" binddn="cn=binddn,dc=base,dc=dn" credentials="onepassword" mode="self"
EOF

With this configuration, I can see on the local server the entries
that are available on the remote server only; an ldapsearch does not
return entries available on the local server. Is this the normal
behavior?


It seems that it is not totally true. Further testing lets me say that
entries that are present on the local server and not on the remote
server will not be displayed when searching the ldap server. When
entries exist in both servers, the remote entries will be
appended/overwritten by local entries before being displayed.

I see a workaround to that by creating on the remote server the
entries that are missing on the remote server but present on the local
server, but it's certainly not the cleanest possible solution.

It's certainly possible to achieve what I want in a cleaner way.

Another problem is that when I restart slapd, I have an error like this

slapd[3440]: @(#) $OpenLDAP: slapd  (Sep 11 2015 15:11:55)
$#012#011buildd@babin:/build/openldap-nFTO9j/openldap-2.4.40+dfsg/debian/build/servers/slapd
slapd[3441]: syncprov_db_open: invalid config, lastmod must be enabled
slapd[3441]: backend_startup_one (type=mdb,
suffix="dc=linkeo,dc=com"): bi_db_open failed! (-1)
slapd[3441]: DIGEST-MD5 common mech free
slapd[3441]: slapd stopped.

I have to reload config without dn:
olcOverlay=translucent,olcDatabase={2}mdb,cn=config and dn:
olcDatabase=ldap,olcOverlay={3}translucent,olcDatabase={2}mdb,cn=config
entries to make slapd start properly.

Can somebody tell me what I have done wrong?


On a second test machine I don't have this problem. I can stop slapd
and start it later without problem. I don't know why: host system,
slapd version, config, all is similar. I have to investigate.

I have, I think, an explanation. It seems syncprov and translucent can't be loaded at the same time when starting slapd. Would it mean that they are not compatible? What I can tell is that it "works" when syncprov is loaded at startup time and translucent is added at run time; it's just that I can't restart slapd when both modules are in the configuration, for the moment.

Thanks,

--
------------

M. P.
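
Added example, not part of the original message: a Python sketch that models the search behaviour reported above (remote entries returned with same-DN local attributes overriding them, local-only entries absent) and lists the local-only DNs that drop out of results. The two LDIF exports, the DNs in them and the function names are constructed for illustration; values are assumed to be plain (non-base64) LDIF.

```python
# Constructed sample exports (not data from the post).
LOCAL_LDIF = """\
dn: uid=alice,ou=people,dc=base,dc=dn
mail: alice@local.example

dn: uid=carol,ou=people,dc=base,dc=dn
mail: carol@local.example
"""
REMOTE_LDIF = """\
dn: uid=alice,ou=people,dc=base,dc=dn
mail: alice@remote.example
telephoneNumber: 555-0100

dn: UID=bob,ou=people,
 dc=base,dc=dn
mail: bob@remote.example
"""

def normalize_dn(dn):
    # Simplification: case-fold and trim around commas; escaped commas not handled.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}} for plain (non-base64) LDIF."""
    entries = {}
    unfolded = text.replace("\n ", "")  # a line starting with one space continues the previous one
    for block in unfolded.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            name, _, value = line.partition(": ")
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            entries[normalize_dn(attrs.pop("dn")[0])] = attrs
    return entries

def translucent_view(local, remote):
    """Entries a search returns as described in the post: remote entries only,
    with attributes from a same-DN local entry replacing the remote ones."""
    return {dn: {**attrs, **local.get(dn, {})} for dn, attrs in remote.items()}

def hidden_local_only(local, remote):
    """Local DNs with no remote counterpart; these drop out of search results."""
    return sorted(set(local) - set(remote))

if __name__ == "__main__":
    local, remote = parse_ldif(LOCAL_LDIF), parse_ldif(REMOTE_LDIF)
    for dn, attrs in translucent_view(local, remote).items():
        print(dn, attrs)
    print("hidden:", hidden_local_only(local, remote))
```

Running it against real exports of both servers before enabling the overlay shows which accounts would disappear from search results until they are created on the remote side or merged.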