Re: LDAP Proxy resolution by rewriting in meta-backend
> Hi Pierangelo,
Hi;
please stay on the list.
> Thank you very much for your fast response, so if the behaviour
> described in the slapd-meta(5) man page is still not implemented that
> was the cause of my problem... The sample I sent to the list is a
> simplification of what I really wanted to do, I'll try to explain it to
> you:
> I have a set of user information distributed in 2 directory servers:
> ldap://localhost:30839, and ldap://localhost:40839. Users are
> identified by an attribute called SearchOn, which is a string with a
> number inside it, this number can finish in 1, or in 2. Users with the
> number finishing in 1 are in ldap://localhost:30839, and users with the
> number finishing in 2 are in ldap://localhost:40389. All the users, in
> both directory servers, are in the same directory branch: "o=company,
> ou=users".
> Then, what I wanted to do is to use a slapd meta backend to redirect
> the queries about the users to the proper directory server. The
> configuration to do this with the meta would be:
>
> database meta
> suffix "o=company"
> uri "ldap://localhost:30389/ou=subscribers,o=company"
> uri "ldap://localhost:40389/ou=subscribers,o=company"
>
> But this will always send the request to both directory servers,
> because there's ambiguity, and I wanted for the request to be sent only
> to the proper one, then I read about the LDAP proxy resolution by
> rewriting in the man page, and I thought my solution was there, so I
> tried this:
>
> database meta
> suffix "o=company"
> uri "ldap://localhost:30389/ou=subscribers,o=company"
> rewriteEngine on
> reWriteContext searchFilter
> rewriteRule '(.*)[0-9]*1(.*)' 'ldap://localhost:30389/%0' '@'
> rewriteRule '(.*)[0-9]*2(.*)' 'ldap://localhost:40389/%0' '@'
>
> Of course, this didn't work, because as you said it's not still
> implemented, then I asked why and tried to test some more related
> things... and you know the rest of the history.
> Do you think there's some way to do what I want by configuring
> properly the meta backend? Again, thank you very much for your help.
> Kind regards,
What you're trying to do would be pretty easy;
database meta
suffix "o=company"
uri "ldap://localhost:30389/<subcontext,>o=company"
rewriteEngine on
reWriteContext searchFilter
rewriteRule '<from>' '<to>' '@'
uri "ldap://localhost:30489/<subcontext,>o=company"
rewriteEngine on
reWriteContext searchFilter
rewriteRule '<from>' '<to>' '@'
it is unclear what you're rewriting to; do you
need to change any part of the naming context?
If you'd be more precise on where the entries
are and what's your entry naming policy I can
be more precise.
Note that determining the exact placement of
an entry based on the content of a non naming
attribute is too far from the LDAP naming
paradigm even for back meta; I could think of
adding a "filter" portion to the URI, and use
it in selecting the most appropriate target,
but that's really wicked! Interesting, though.
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
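
Added example, not part of the thread and not OpenLDAP code: a Python helper that makes the routing decision described in the quoted message (trailing digit of the SearchOn value picks the server) on the client side, next to a check of what the two quoted rewriteRule patterns actually match. Assumptions: the target URIs are the ones written in the quoted configuration, the patterns are applied as unanchored regular-expression searches, and the function names and sample filters are constructed for illustration.

```python
import re

# Target URIs as written in the quoted configuration.
TARGETS = {"1": "ldap://localhost:30389", "2": "ldap://localhost:40389"}

# The two patterns from the quoted rewriteRule lines.
QUOTED_RULES = [
    (r"(.*)[0-9]*1(.*)", TARGETS["1"]),
    (r"(.*)[0-9]*2(.*)", TARGETS["2"]),
]

# Assumption: only a simple equality filter on SearchOn whose value ends in
# a digit run can be routed. Wildcards, escapes and compound filters cannot.
EQUALITY = re.compile(r"^\(SearchOn=([^()*\\]*?)([0-9]+)\)$", re.IGNORECASE)


def quoted_rule_matches(search_filter):
    """Targets whose quoted pattern matches the filter (unanchored search)."""
    return [uri for pat, uri in QUOTED_RULES if re.search(pat, search_filter)]


def select_target(search_filter):
    """Return the one target for this filter, or None to query every target."""
    m = EQUALITY.match(search_filter)
    if not m:
        return None  # cannot decide from the filter alone
    # Route on the last digit only; digits other than 1 or 2 give None.
    return TARGETS.get(m.group(2)[-1])


if __name__ == "__main__":
    # Constructed sample filters.
    for f in ["(SearchOn=user12)", "(SearchOn=sub-0041)", "(SearchOn=*1)",
              "(&(SearchOn=a1)(cn=x))", "(cn=room1)"]:
        print(f, "->", select_target(f), "| quoted rules hit:",
              quoted_rule_matches(f))
```

Because `[0-9]*` can match zero digits and nothing anchors the pattern to the end of the value, each quoted pattern matches any filter that merely contains a `1` or a `2`, so a value such as `user12` satisfies both rules and a filter on an unrelated attribute can satisfy either.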