[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Can dynlist query from database hdb access entries in a database ldap on the same slapd?
openldap 2.3 latest
the dynlist feature works when I change the database backend from ldap
to a bdb backend replica of the master. That's unfortunate, I'd like
to not have to replicate the data to my local ldap box.
-judd
On Tue, Mar 27, 2012 at 3:30 PM, Judd Maltin <judd@newgoliath.com> wrote:
> START slapd.conf:
>
> overlay     dynlist
> dynlist-attrset myGroupOfURLs myMemberURL
>
> # happy.net: I can query through this proxy just fine.
> database    Âldap
> suffix     Â"dc=happy,dc=net"
> uri       "ldap://ldap1.lga6.us.happy.net";
> acl-bind    Âbindmethod=simple binddn="cn=replicant,ou=Service
> Accounts,dc=happy,dc=net" credentials=my!!replicant
>
> # happy.com: the following database has dc=happy,dc=com data in it already.
> database    Âhdb
> suffix     Â""
> rootdn     Â"cn=Manager,dc=happy,dc=com"
> rootpw     secret
>
> directory    /var/lib/ldap
>
> index objectClass            eq,pres
> index ou,cn,mail,surname,givenname   Âeq,pres,sub
> index uidNumber,gidNumber,loginShell  Âeq,pres
> index uid,memberUid           eq,pres,sub
> index nisMapName,nisMapEntry      Âeq,pres,sub
> # indexes for replication
> index entryCSN,entryUUID Â Â Â Â Â Â Â Âeq
>
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 200
>
> END slapd.conf
>
> START good dynlist entry
>
> dn: cn=admin2,ou=Groups,dc=happy,dc=com
> objectClass: posixGroup
> objectClass: top
> objectClass: myGroupOfURLs
> cn: admin2
> gidNumber: 20005
> myMemberURL: ldap:///cn=sysadmins,ou=Groups,dc=happy,dc=com?memberUID?base?(objectClass=posixGroup)
>
> works great and populates my memberUID just great.
>
> END good dynlist entry
>
> START bad dynlist entry
> dn: cn=admin2,ou=Groups,dc=happy,dc=com
> objectClass: posixGroup
> objectClass: top
> objectClass: myGroupOfURLs
> cn: admin2
> gidNumber: 20005
> myMemberURL: ldap:///cn=sysadmins,ou=Groups,dc=happy,dc=net?memberUID?base?(objectClass=posixGroup)
>
> FAILS no entries in memeberUID - it a naming context mixup because
> "suffix ''" above?
>
>
> --
> Judd Maltin
> T: 917-882-1270
> F: 501-694-7809
> A loving heart is never wrong.
--
Judd Maltin
T: 917-882-1270
F: 501-694-7809
A loving heart is never wrong.