
Re: slapd-meta Example Config ?



I finally used ; in RDN and space between URIs with a single pair of double quotes wrapping the whole thing :

uri "ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr ldap://localhost/dc=int-evry;dc=meta;dc=fr"
suffixmassage "dc=int-evry,dc=meta,dc=fr" "dc=int-evry,dc=fr"


slapd -d 64
line 93 (uri "ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr ldap://localhost/dc=int-evry;dc=meta;dc=fr")
line 94 (suffixmassage "dc=int-evry,dc=meta,dc=fr" "dc=int-evry,dc=fr")
line 101 (lastmod off)
slapd starting


Great :-) it starts !

However, an ldapsearch doesn't work :-(, indeed here's what the search finally came to:

Jan 31 14:35:21 ldaptux slapd[19758]: conn=6 op=1 SRCH base="dc=int-evry,dc=meta,dc=fr ldap://localhost/dc=int-evry,dc=fr" scope=2 filter="(cn=*)"

Search base is wrong ! it should be base="dc=int-evry,dc=fr", I suppose the uri syntax I used is still not correct !?

Jehan PROCACCIA wrote:
After some time ... I finally tested your workaround about using replicas in the uri directive of a backend-meta

Pierangelo Masarati wrote:
 > Another workaround is to use semicolons ';' to separate RDNs
 > in the <DN> part of the URI; note that semicolons as RDN separators
 > are deprecated, but currently accepted by OpenLDAP's DN parsing code,
 > as required by rfc2253.
cf. the end of the mail for more ...

1st test with ; between RDN and , between URI
slapd.conf
database meta
suffix "dc=meta,dc=fr"
uri "ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr,ldap://localhost/dc=int-evry;dc=meta;dc=fr"


suffixmassage "dc=int-evry,dc=meta,dc=fr" "dc=int-evry,dc=fr"

slapd -d 64 ...

line 93 (uri "ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr,ldap://localhost/dc=int-evry;dc=meta;dc=fr")

/etc/openldap/slapd_meta.conf: line 93: target 'ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr,ldap://localhost/dc=int-evry;dc=meta;dc=fr' DN is invalid
slapd stopped.


then with space separator between URI and "URI" in double quotes:

line 93 (uri "ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr" "ldap://localhost/dc=int-evry;dc=meta;dc=fr")
/etc/openldap/slapd_meta.conf: line 93: missing address in "uri <protocol>://<server>[:port]/<naming context>" line
slapd stopped.


I can't find the right syntax to allow replicas (multiple URIs) in the uri directive of the backend-meta.
If workarounds don't work, do I really need to hack ldap_url_parselist()?
Isn't it scheduled for future releases?


thanks.

Pierangelo Masarati wrote:

OK, forget my hints, now I remember why I didn't do that
right from the beginning: the call to ldap_initialize cannot
assess whether the server is up or not, since the connection
is actually established when the first operation is attempted.
There needs to be a lot of reworking to allow this kind of feature
(which is not impossible in principle), but a lot of specific
coding is required, and it definitely cannot be done at the API
level (unless extensively playing with the LDAP* structure)



More on this: the point is that ldap_initialize() expects a comma/space separated url list; unfortunately, I chose to use a (legal) URI of the form <PROTO>://[<host>]:[<PORT>]/<DN> to simultaneously specify the protocol, the host, the port AND the base dn for a specific target, and the commas in the dn are erroneously parsed into illegal URIs.

One workaround is to change ldap_url_parselist() to use only spaces
as separators (dunno who relies on URI lists being comma-separated,
though).

Another workaround is to use semicolons ';' to separate RDNs
in the <DN> part of the URI; note that semicolons as RDN separators
are deprecated, but currently accepted by OpenLDAP's DN parsing code,
as required by rfc2253.

This way, you can specify a list of URIs.  I haven't checked
if the URIs are tried in sequence in case one or more fail.

P.M.
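
The separator clash described in the quoted message above, as an added example that is not part of the original mails and is not libldap's code: a simplified model that splits a URI list on commas and spaces, the separators the message says ldap_initialize() expects, and counts the fragments that no longer look like URIs. The helper names `split_list` and `count_non_uris` and the scheme check are assumptions; the host names and DNs are the ones quoted in the thread.

```c
/* Simplified model of URI-list splitting; this is NOT libldap's code. */
#include <stdio.h>
#include <string.h>

#define MAX_TOK 8
#define TOK_LEN 128

/* Split `list` on any byte in `seps`; returns the number of tokens stored. */
static int split_list(const char *list, const char *seps, char out[MAX_TOK][TOK_LEN])
{
    int n = 0;

    while (n < MAX_TOK) {
        list += strspn(list, seps);           /* skip leading separators */
        size_t len = strcspn(list, seps);     /* length of the next token */
        if (len == 0) break;                  /* end of input */
        snprintf(out[n++], TOK_LEN, "%.*s", (int)len, list);
        list += len;
    }
    return n;
}

/* Count tokens that do not start with an LDAP scheme, i.e. stray DN fragments. */
static int count_non_uris(const char *list, const char *seps)
{
    char tok[MAX_TOK][TOK_LEN];
    int i, bad = 0, n = split_list(list, seps, tok);

    for (i = 0; i < n; i++)
        if (strncmp(tok[i], "ldap://", 7) != 0 && strncmp(tok[i], "ldaps://", 8) != 0)
            bad++;
    return bad;
}

/* Constructed inputs, built from the host names and DNs quoted in the thread. */
static const char *COMMA_DN =
    "ldap://ldaptux.int-evry.fr:9009/dc=int-evry,dc=meta,dc=fr "
    "ldap://localhost/dc=int-evry,dc=meta,dc=fr";
static const char *SEMI_DN =
    "ldap://ldaptux.int-evry.fr:9009/dc=int-evry;dc=meta;dc=fr "
    "ldap://localhost/dc=int-evry;dc=meta;dc=fr";

int main(void)
{
    printf("comma RDNs, comma/space list:     %d bad\n", count_non_uris(COMMA_DN, ", "));
    printf("semicolon RDNs, comma/space list: %d bad\n", count_non_uris(SEMI_DN, ", "));
    printf("comma RDNs, space-only list:      %d bad\n", count_non_uris(COMMA_DN, " "));
    return 0;
}
```

The third call models the other workaround from the message, splitting on spaces only, under which comma-separated RDNs also stay inside their URI.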