Neuharth, Steven wrote:
> Interesting. It does work now that I have added those map directives. Is
> there a good book or source for information regarding meta-back or overlays?
> It seems as if you can do so much with them but I have not found any good
> tutorials or how-tos on these subjects. The examples in the source help but
> clearly are a small subset of the capabilities.

No, all that I'm aware of is the slapd-meta(5) in 2.2 and slapo-rwm(5) in HEAD/2.3, plus a bunch of emails.

> I do not seem to be able to search at the dc=moneygram,dc=com level. It works fine if I search a specific DC beneath that level but, as you can see in the config, dc=moneygram,dc=com does not really exist. Can searches from that suffix be relayed down to my more specific suffixes?

Because in your slapd.conf there's no database serving that suffix. Moreover, I don't know how back-meta works with multiple suffixes, it's something I haven't considered for a long time. I suggest you use back-ldap instead of back-meta, and you split it in two databases each serving a naming context; moreover, you should use a back-ldbm (why aren't you using back-bdb yet?) rooted at "dc=moneygram,dc=com" that glues the two subtrees of "dc=moneygram,dc=com" together (see the "subordinate" directive in slapd.conf(5), which in 2.3 will move into the glue overlay, described in slapo-glue(5)). Something like

database ldbm
suffix "ou=corp,dc=moneygram,dc=com"
subordinate
# ...

database ldap
suffix "ou=b2b,dc=moneygram,dc=com"
suffixmassage "ou=b2b,dc=moneygram,dc=com" "dc=temgweb,dc=com"
map objectClass groupOfNames groupOfUniqueNames
map attribute member uniqueMember
subordinate
# ...

database ldbm
suffix "dc=moneygram,dc=com"
# ...

database ldap
suffix "dc=temgweb,dc=com"
# ...

p.

> The backend directory is actually iPlanet 5.2 not OpenLDAP. My config looks like this:
>
> database ldbm
> suffix "ou=corp,dc=moneygram,dc=com"
> rootdn "cn=Manager,ou=corp,dc=moneygram,dc=com"
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw XXX
> # rootpw {crypt}ijFYNcSNctBYg
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory /var/lib/ldap
>
> # Indices to maintain for this database
> index objectClass,uidNumber,gidNumber eq
> index cn,sn,uid,displayName pres,sub,eq
> index memberUid,mail,givenname eq,subinitial
> index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
>
> # Replicas of this database
> #replogfile /var/lib/ldap/openldap-master-replog
> #replica host=ldap-1.example.com:389 tls=yes
> # bindmethod=sasl saslmech=GSSAPI
> # authcId=host/ldap-master.example.com@EXAMPLE.COM
>
> database meta
> suffix "dc=temgweb,dc=com"
> suffix "ou=b2b,dc=moneygram,dc=com"
> dncache-ttl forever
> lastmod off
> uri "ldap://XXX:@PORT@/dc=temgweb,dc=com"
> binddn "cn=Directory Manager"
> bindpw "XXX"
> pseudorootdn "cn=Manager,ou=b2b,dc=moneygram,dc=com"
> pseudorootpw XXX
> map objectClass groupOfNames groupOfUniqueNames
> map attribute member uniqueMember
>
> rewriteEngine on
>
> rewriteContext default
> rewriteRule "(.*)ou=b2b,dc=moneygram,dc=com" "%1dc=temgweb,dc=com"
> rewriteContext searchFilter
> rewriteRule "(.*)Member=([^)]+),ou=b2b,dc=moneygram,dc=com(.*)" "%1Member=%2,dc=temgweb,dc=com%3"
> rewriteContext searchBase alias default
>
> rewriteContext searchResult
> rewriteRule "(.*)dc=temgweb,dc=com" "%1ou=b2b,dc=moneygram,dc=com"
> rewriteContext matchedDN alias searchResult

SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
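
The following is an added example, not part of the original message or of OpenLDAP: a simplified Python model of the suffix matching discussed above, showing why a search based at dc=moneygram,dc=com finds no database in the original config and which databases a subtree search reaches once a superior database glues the "subordinate" ones. The function names, the dictionary layout and the comma-split DN handling are assumptions made for illustration.

```python
# Simplified model (an assumption, not slapd source): DNs are split on commas
# and lower-cased; escaped commas and multi-valued RDNs are not handled.

def rdns(dn):
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def is_under(dn, suffix):
    """True when dn equals suffix or lies below it."""
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and d[len(d) - len(s):] == s

def select_backend(base, databases):
    """Database with the longest suffix that contains base, or None."""
    hits = [db for db in databases if is_under(base, db["suffix"])]
    return max(hits, key=lambda db: len(rdns(db["suffix"])), default=None)

def subtree_search_targets(base, databases):
    """Suffixes consulted for a subtree search rooted at base."""
    top = select_backend(base, databases)
    if top is None:
        return []  # no database serves the search base
    glued = [db["suffix"] for db in databases
             if db.get("subordinate") and db is not top
             and is_under(db["suffix"], base)]
    return [top["suffix"]] + glued

# Original config: the meta database's two suffixes are listed separately.
ORIGINAL = [
    {"type": "ldbm", "suffix": "ou=corp,dc=moneygram,dc=com"},
    {"type": "meta", "suffix": "dc=temgweb,dc=com"},
    {"type": "meta", "suffix": "ou=b2b,dc=moneygram,dc=com"},
]
# Layout suggested in the reply: subordinates first, then the superior.
SUGGESTED = [
    {"type": "ldbm", "suffix": "ou=corp,dc=moneygram,dc=com", "subordinate": True},
    {"type": "ldap", "suffix": "ou=b2b,dc=moneygram,dc=com", "subordinate": True},
    {"type": "ldbm", "suffix": "dc=moneygram,dc=com"},
    {"type": "ldap", "suffix": "dc=temgweb,dc=com"},
]

if __name__ == "__main__":
    for name, dbs in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, subtree_search_targets("dc=moneygram,dc=com", dbs))
```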