[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: referrals
On Fri, 16 Jan 2004, Howard Chu wrote:
> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac
>
> > Is it possible for a slave(replica) slapd server to chase referrals?
> > This was not possible in 2.1, but I was wondering if this can be done in
> > 2.2. I would like for an ldap client to be able to send modify/add
> > queries to slave slapd servers which in turn update the master.
>
> Yes, if you build slapd with back-ldap you can configure a chaining overlay
> that will chase referrals.
>
> database bdb
> suffix o=foo
> <back-bdb config directives>
> updateref ldap://master
> overlay chain
> back-ldap config directives:
> uri ldap://master
> binddn ...
> bindpw ...
>
> Note that since back-ldap only knows how to deal with a single target URI,
> (unlike back-meta, which handles multiple targets) this will only work if all
> your referrals point to the same server. At some point we'll overhaul
> back-ldap and add multiple target functionality to it...
>
Thanks for the response. I really need only one target (for one master),
so this should work for me.
> There is no documentation for this feature yet, the code is probably not in
> its final form. At present, the way it works is by opening a session to the
> remote server, binding with the binddn/bindpw, and executing the operation
> with a proxyAuthz control set to the original user's DN. No DN mapping is
> performed on the user's DN - in this context, the master and slave server are
> supposed to have identical DITs so mapping should not be needed. Obviously
> the binddn must have proxy privileges on the master server.
>
> -- Howard Chu
> Chief Architect, Symas Corp. Director, Highland Sun
> http://www.symas.com http://highlandsun.com/hyc
> Symas: Premier OpenSource Development and Support
>
>
--
Igor