[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with slapd-meta

To: Dominique VOLPE <dominique.volpe@libertysurf.fr>
Subject: Re: Problem with slapd-meta
From: Pierangelo Masarati <ando@sys-net.it>
Date: Sun, 29 Oct 2006 20:19:17 +0100
Cc: openldap-software@openldap.org
In-reply-to: <003401c6fb82$1c51f010$0201a8c0@solano.alize>
References: <003401c6fb82$1c51f010$0201a8c0@solano.alize>
User-agent: Mail/News 1.5.0.7 (X11/20060916)

Dominique VOLPE wrote:

I have five branches in my meta directory. I mentioned only one to simplify
the message.
The client begins every search (whatever the search criteria) with this request : Oct 29 19:34:22 localhost slapd[2181]: conn=14 op=1 SRCH base="o=mydomain,c=fr" scope=0 deref=0 filter="(objectClass=*)" Oct 29 19:34:22 localhost slapd[2181]: conn=14 op=1 SRCH attr=objectClass

The problem is in the client, which wants to see the suffix entry. Nothing precludes that entry from existing in at least one of the targets, but to avoid issues you'll want it to exist, or to be looked for, in exactly one. I assume that you're using the latest 2.3 release. In that case, assuming that at least the target "main" contains an entry corresponding to the suffix, what you can do is:

<slapd.conf>
database meta
suffix "o=myorg,c=fr"

# first sub-target
uri "ldap://sub1/ou=sub1,o=myorg,c=fr";
# second sub-target
uri "ldap://sub2/ou=sub2,o=myorg,c=fr";
# add more...

# main target
uri "ldap://main/o=myorg,c=fr";
subtree-exclude "ou=sub1,o=myorg,c=fr"
subtree-exclude "ou=sub2,o=myorg,c=fr"
# add more...
</slapd.conf>

This will cause searches with base "o=myorg,c=fr" to be correctly handled by the "main" target no matter what the scope is, while other, more specific searches are directed to the most appropriate target, excluding the "main" whenever the search base is in the "subtree-exclude". Of course you need to ensure that the contents of the "main" target do not overlap with those of the other targets, but then this is true regardless of the presence of the subtree-exclude directive.

Another way to accomplish this is to add a fake target that handles operations for the suffix naming context, which actually points to a local instance of any database (like bdb) the only contains the entry with the suffix of the meta database. This is a bit more involved, and may add unnecessary overhead.

In a meta drirectory, this cannot works. Accordind to the "man" : The only operation that may resolve to multiple targets is a search with scope at least "one", which results in spawning searches to the targets.

That's correct. Your client wants a single entry, the one corresponding to the suffix of the meta database, it's your client's search that's exactly requesting that. Either your client is broken, or it has a good reason to look for that entry. In the first case, there's nothing slapd-meta (and OpenLDAP) can do to help you fixing it. In the latter case, you need to configure slapd-meta to be able to fulfil that request. That's what my above explanation is trying to do.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

References:
- RE: Problem with slapd-meta
  - From: "Dominique VOLPE" <dominique.volpe@libertysurf.fr>

Prev by Date: RE: Problem with slapd-meta
Next by Date: Re: Problem with slapd-meta
Index(es):
- Chronological
- Thread