[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: back-meta hangs (ITS#3058)
>
>>I remember that sentence (I might have written it myself); the point is
>>that the mechanism, AFAIR, is quite gross, in that the failover occurs
>>when the connection is first initialized; since back-ldap (I don't recall
>>back-meta) pools connections, if the failure occurs and there's no
>>connection re-init, you're stuck.
>>
> I've tested back-ldap, it does failover very well (at least as well as
> back-meta). When I have multiple target servers in the uri, separated by
> spaces, back-ldap always tries to contact the first one. If it doesn't
> respond, back-ldap retries with the next target. If it finds a working
> target server, it returns the results to the client.
> All this is completely transparent to the client.
>
> However, since the list of targets for back-ldap is space or
> comma-separated, I have to drop the base DN from uri specification (as
> it contains a comma - it's a DN after all...).
back-ldap doesn't need any DN portion of the URI; actually,
for some time checks were were in place to enforce its absence!
>
> My setup looks approximately like this (back-ldap is a separate slapd
> instance that listens on port 391):
>
> -------BEGIN-------
> database ldap
> suffix "dc=example,dc=com,o=Organization"
> rootdn "cn=Manager,dc=example,dc=com,o=Organization"
> rootpw secret
> uri "ldap://localhost:389/ ldaps://ldapreplica.example.com"
>
> # dla starego base DN "o=altkom.com.pl":
> database ldap
> suffix "o=altkom.com.pl"
>
> uri "ldap://localhost:389/ ldaps://ldapreplica.example.com"
> suffixmassage "o=example.com" "dc=example,dc=com,o=Organization"
>
> # for empty base DN:
> database ldap
> suffix ""
>
> uri "ldap://localhost:389/ ldaps://ldapreplica.example.com"
>
> rewriteEngine on
> rewriteContext searchBase
> rewriteRule "$" "dc=example,dc=com,o=Organization" ":"
^^^ this rule is weird, I don't understand it.
Apparently, it maps *** anything *** into
"dc=example,dc=com,o=Organization"; hope it's intended!
If what you want to accomplish is redirect searches
for an unrecognized base to the database serving
"dc=example,dc=com,o=Organization", you may want to have
a look at the "defaultSearchBase" directive in slapd.conf(5);
otherwise, the same effect could be obtained by
rewriteEngine on
rewriteContext searchBase
rewriteRule ".*" "%0,dc=example,dc=com,o=Organization" ":@"
at the cost of an extra back-ldap processing!
p.
> -------END-------
>
> Now I have to see whether back-ldap won't exhibit the deadlock problem
> back-meta did... This will require some weeks of stable operation.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497