
Re: Problem binding two naming contexts



On Wed, 2005-11-23 at 11:08 +0100, Jan-Piet Mens wrote:
> On Tue Nov 22 2005 at 17:14:07 CET, Pierangelo Masarati wrote:
> 
> > On Tue, 2005-11-22 at 10:30 +0100, Jan-Piet Mens wrote: 
> > > I'm using OpenLDAP 2.3.11 and I'd like to set up this server
> > > to serve a single base (naming doesn't really matter) which
> > > retrieves entries from a local BDB backend as well as a foreign
> > > LDAP backend.
> > > 
> [...]
> > You made that faaaaar too complicated, and you don't (yet) need the rwm
> > with back-meta: rwm capabilities are builtin; an example is provided in
> > test035, however you may try this:
> > 
> > <slapd.conf>
> > database        bdb 
> > suffix          "dc=other,dc=com"
> > # ...
> >   
> > database      meta
> > suffix        "dc=foo,dc=com"
> > 
> > # remote, with builtin rewrite
> > uri           "ldap://localhost/ou=People,dc=foo,dc=com"
> > suffixmassage "ou=People,dc=foo,dc=com" "ou=People,dc=example,dc=com"
> > map attribute     ...
> > map objectClass   ...
> > 
> > # local, with builtin rewrite
> > uri           "ldap://localhost/dc=foo,dc=com"
> > suffixmassage "dc=foo,dc=com" "dc=example,dc=com"
> > </slapd.conf>
> > 
> > Anyway, I suggest using back-ldap with global rwm.  All of this will be
> > simplified, some time.
> 
> I can't get it to work (keep getting "<naming context> of URI does not
> resolve to a backend").
> 
> The way I understand this is that a URI in back-meta must resolve to a
> locally configured back-ldap; is that right?

No, it can resolve to any resource that is able to serve that URI.  The
typical application is with remote servers.  I (or you?) might have
mistyped something?  The point is that the "DN" portion that appears in
the first URI of each uri statement must resolve to the meta database;
in the above example:

<slapd.conf>
database	meta
suffix		"dc=foo,dc=com"
# ... uri #0
uri		"ldap://localhost/ou=People,dc=foo,dc=com"
# ... uri #1
uri		"ldap://localhost/dc=foo,dc=com"
</slapd.conf>

You see, the "DN" portion of both URIs is a subordinate of the suffix
(well, one is the suffix itself).

> What I want to do is to have a search base of e.g. o=RSC which points to
> a back-bdb. One tree in that (ou=People,o=RSC) must be proxied in to
> an internal OpenLDAP LDAP server (ou=People,dc=retail). What would be
> the best way for me to do this?

In your very case:

<slapd.conf>
database	bdb
suffix		"o=RSC"

database	meta
suffix		"dc=virtual"
# ... uri #0
uri		"ldap://localhost/ou=People,dc=virtual"
suffixmassage	"ou=People,dc=virtual" "ou=People,dc=retail"
# ... uri #1
uri		"ldap://localhost/dc=virtual"
suffixmassage	"dc=virtual" "o=RSC"
</slapd.conf>

Replace "dc=virtual" with whatever you like; if you want to use "o=RSC"
instead of "dc=virtual", you need to use a different instance of slapd
for the meta database.

              - o - o - o -

As I said in my previous posting, you may still use gluing for a totally
different setup this way:

<slapd.conf>
# global overlay: goes before any database
overlay			rwm
rwm-suffixmassage	"ou=People,o=RSC" "ou=People,dc=retail"

# first database: proxy for people; gets rewritten
database		ldap
suffix			"ou=People,o=RSC"
subordinate
uri			"ldap://localhost"

# main database: does not get rewritten
# because rwm-suffixmassage rule does not match
database		bdb
suffix			"o=RSC"
</slapd.conf>

p.




Ing. Pierangelo Masarati
Responsabile Open Solution

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
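
The rule stated in this reply (the DN portion of the first URI in each back-meta `uri` statement must fall under the meta database's suffix) can be checked before starting slapd. The following is an added example, not part of the original message or of OpenLDAP; the function names and the BAD sample are constructed here, and DN comparison is simplified (case-insensitive, no escaped commas).

```python
import shlex
from urllib.parse import urlsplit, unquote

# Constructed samples: GOOD mirrors the layout in the reply, BAD is hypothetical.
GOOD = '''
database meta
suffix   "dc=virtual"
uri      "ldap://localhost/ou=People,dc=virtual"
suffixmassage "ou=People,dc=virtual" "ou=People,dc=retail"
uri      "ldap://localhost/dc=virtual"
suffixmassage "dc=virtual" "o=RSC"
'''
BAD = '''
database meta
suffix   "dc=virtual"
uri      "ldap://localhost/ou=People,dc=retail"
'''

def rdns(dn):
    # Simplified normalisation: lowercase, split on commas (no escaped commas).
    return [p.strip().lower() for p in dn.split(",") if p.strip()]

def within(dn, suffix):
    # True when dn equals suffix or is subordinate to it.
    d, s = rdns(dn), rdns(suffix)
    return len(d) >= len(s) and (not s or d[-len(s):] == s)

def check_meta_uris(conf):
    """Return (uri, suffixes) for each back-meta uri whose DN is outside the suffix."""
    databases, current = [], None
    for raw in conf.splitlines():
        tokens = shlex.split(raw, comments=True)
        if len(tokens) < 2:
            continue
        key = tokens[0].lower()
        if key == "database":
            current = {"type": tokens[1].lower(), "suffixes": [], "uris": []}
            databases.append(current)
        elif current and key == "suffix":
            current["suffixes"].append(tokens[1])
        elif current and key == "uri":
            # Only the first URI of a statement carries the DN that matters here.
            current["uris"].append(tokens[1].split()[0])
    bad = []
    for db in (d for d in databases if d["type"] == "meta"):
        for uri in db["uris"]:
            dn = unquote(urlsplit(uri).path.lstrip("/"))
            if not any(within(dn, s) for s in db["suffixes"]):
                bad.append((uri, db["suffixes"]))
    return bad
```

An empty result for a fragment means every back-meta URI DN is the suffix itself or a subordinate of it.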