
Re: LDAP Proxy resolution by rewriting in meta-backend



>     Hi all,
>     I'm new to OpenLDAP, and I would like to know if someone can clarify
> for me how the LDAP Proxy resolution works in the meta and ldap backends. As
> you can read in the slapd-meta man page, this can be used to initiate
> operations in remote hosts, by using the rewriteRules, but I've tried to
> use it and it doesn't work for me, so I suppose I'm not configuring it
> properly, or I'm not understanding how it really works.
>     I've the following configuration (in slapd.conf) for the meta
> backend:
>
> database        meta
> suffix          "o=company"
> uri             "ldap://localhost:30389/ou=subscribers,o=company"
> rewriteEngine   on
> rewriteContext searchBase
> rewriteRule     '.*' 'ldap://localhost:40389/%0' '@'
>
>
>     And then I do the following search:
>
> ldapsearch -H ldap://localhost:20389 -x -b "o=company" SearchOn="yes"
>
>     As far as I understand, this should go to the target specified in
> the configuration file, and there the rewriting rules should apply, so
> the operation must be redirected to ldap://localhost:40389. Is it that
> way, or am I missing something? The thing is that it's not working as
> I expect, and the query is received by the server
> ldap://localhost:30839... so it seems the rewriting rules are being
> ignored.

The rewrite rule you're writing is not correct
in the sense that the behaviour you expect is
not supported (yet), but it is marked in the
slapd-meta(5) man page as an expected evolution
of the rewrite engine (I need to remove it; that
sentence was intended for a white paper on
rewriting, not for a man page).  It is unclear,
though, what you intend to obtain.  If all you
want is for back-meta to contact "localhost:40389"
instead of "localhost:40389", all you need to do
is set "uri ldap://localhost:40389"; instead of
the one you're using.  If you want it to contact
another host only for searches, then there's
very little you can do (and I don't presently
see any reason to do it; am I missing anything?)

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it