Re: (ITS#7963) Client paged results directive fails



kenel.bastoon@gmail.com wrote:
> Full_Name: Bastien Bonnefon
> Version: 2.4.39
> OS: CentOS 7
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (194.2.202.93)
>
>
> Hi,
>
> I have installed openldap as meta directory to request multiple Active
> Directory.
> I have managed to install and make it work with dynamic configuration or
> slapd.conf.
> But one of the applications accessing the directory needs paged results due to
> the large amount of entries returned.
>
> So I've searched and found the directive "client-pr", which seems to have been
> enabled since this case :
> http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=6664;page=4
>
> The directive is also described in the slapd-meta man page :
> http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html

Looking at the ITS history, it appears that this code was released in January 
2011 but in fact, the released code is not actually enabled. (It is behind an 
#ifdef LDAP_DEVEL mask.) Most likely a mistake was made in releasing it at 
that time, since I see no actual test feedback in the ITS.

If you want to test this you will have to compile back-meta yourself, and edit 
back-meta.h to make sure SLAPD_META_CLIENT_PR gets defined instead of being 
hidden. Please then send your test results as a followup to ITS#6664.

> However, enabling the feature in slapd.conf (I just can't in olc format) doesn't
> work. Syslog shows this :
> "unknown directive <client-pr> inside backend database definition"
>
> I've started testing with CentOS 7 and package openldap 2.4.39
> I've then tried with Debian Wheezy and Ubuntu 14.04 (package slapd 2.4.31)
> I've also tried installing openldap from the source with the version 2.4.24
> (client-pr should have been enabled in this version due to ITS#6664) => no way
> :/
>
> I think I've declared the directive as specified in the man page but maybe I
> miss something. I have not found any other report on the web on how to use
> "client-pr".
> Thank you for your help.
>
>
> Here is my slapd.conf
>
> # Include
> include     /etc/ldap/schema/core.schema
> include     /etc/ldap/schema/cosine.schema
> include     /etc/ldap/schema/inetorgperson.schema
> include     /etc/ldap/schema/nis.schema
>
> pidfile     /var/run/slapd/slapd.pid
> argsfile    /var/run/slapd/slapd.args
>
> # Modules
> moduleload back_ldap.la
> moduleload back_meta.la
>
> # Database meta
> database        meta
> suffix          "dc=meta,dc=local"
>
> rootdn "cn=Manager,dc=meta,dc=local"
> rootpw secret_password1
>
> # First directory
> uri           "ldap://192.168.0.1/ou=test1,dc=meta,dc=local"
> client-pr accept-unsolicited
> lastmod       off
> suffixmassage   "ou=test1,dc=meta,dc=local" "dc=test1,dc=local"
> idassert-bind bindmethod=simple
>     binddn="cn=openldap,OU=users,OU=TEST,dc=test1,dc=local"
>     credentials="secret_password2"
>     mode=none
>     flags=non-prescriptive
> idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local"
> chase-referrals no
> acl-authcDN cn=openldap,OU=users,OU=TEST,dc=test1,dc=local
> acl-passwd secret_password2
>
> # Second Directory
> uri "ldap://192.168.0.2/ou=test2,dc=meta,dc=local"
> client-pr accept-unsolicited
> lastmod       off
> suffixmassage "ou=test2,dc=meta,dc=local" "dc=test2,dc=local"
> idassert-bind bindmethod=simple
>    binddn="cn=openldap,OU=users,OU=TEST,dc=test2,dc=local"
>    credentials="secret_password3"
>    mode=none
>    flags=non-prescriptive
> idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local"
> chase-referrals no
> acl-authcDN "cn=openldap,OU=users,OU=TEST,dc=test2,dc=local"
> acl-passwd secret_password3
>
>
> idletimeout   1800
>
>
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
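
The reply above says the client-pr code is hidden behind an #ifdef LDAP_DEVEL mask in back-meta.h. As an added example (not part of the original message and not OpenLDAP code), this Python sketch checks whether a macro's #define in a C header is only reachable inside a given guard; the header text is a constructed sample, not the real back-meta.h, and the function names are hypothetical.

```python
import re

# Constructed header fragment for illustration only; NOT the real back-meta.h.
SAMPLE_HEADER = """\
#ifndef EXAMPLE_BACK_META_H
#define EXAMPLE_BACK_META_H
#define ALWAYS_ON_FEATURE
#ifdef LDAP_DEVEL
#define SLAPD_META_CLIENT_PR 1
#else
#define FALLBACK_ONLY
#endif /* LDAP_DEVEL */
#endif
"""

DIRECTIVE = re.compile(r"^\s*#\s*(ifdef|ifndef|if|elif|else|endif|define)\b\s*(.*)$")

def guards_for(header_text, macro):
    """Return, for each #define of `macro`, the list of enclosing conditions."""
    stack, sites = [], []
    for line in header_text.splitlines():
        m = DIRECTIVE.match(line)
        if not m:
            continue
        kind = m.group(1)
        rest = m.group(2).split("/*")[0].split("//")[0].strip()  # drop comments
        if kind == "ifdef":
            stack.append(f"defined({rest})")
        elif kind == "ifndef":
            stack.append(f"!defined({rest})")
        elif kind == "if":
            stack.append(rest)
        elif kind == "elif" and stack:
            stack[-1] = f"!({stack[-1]}) && ({rest})"
        elif kind == "else" and stack:
            stack[-1] = f"!({stack[-1]})"       # the else branch negates the guard
        elif kind == "endif" and stack:
            stack.pop()
        elif kind == "define" and rest.split()[:1] == [macro]:
            sites.append(list(stack))           # snapshot of active guards
    return sites

def hidden_behind(header_text, macro, guard):
    """True if every #define of `macro` sits directly under `#ifdef guard`
    (or `#if defined(guard)`); compound #if expressions are not analysed."""
    sites = guards_for(header_text, macro)
    return bool(sites) and all(f"defined({guard})" in s for s in sites)

if __name__ == "__main__":
    print(hidden_behind(SAMPLE_HEADER, "SLAPD_META_CLIENT_PR", "LDAP_DEVEL"))
```

To check a real source tree, pass the contents of the header you intend to build against in place of SAMPLE_HEADER.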