Using cached entries when ldap backend server fails?
Hello,
Having some basic experience with OpenLDAP, things like overlays and
non-db backends are new to me.
I'm trying to configure slapd in such a way that:
- it proxies filtered user-accounts (objectClass=posixAccount) from
Novell eDirectory (NDS).
- stores some search and bind results locally like the pcache overlay.
- But, unlike pcache, it only uses the locally stored ("cached") entries when
the backend (Novell) server is down/unreachable.
I've been through the slapo-* and slapd-* man pages trying to find or
construct a solution. It is possible to do re-writes in the frontend, in
order to direct bind requests to another backend-server than
search-requests. But is it possible to stack overlays in such a way that
an LDAP request goes to another server (or backend) on error or on timeout?
I am running
Hope it is clear what I am trying to achieve (and I hope there is some
way). Thanks in advance for any help.
Below this mail is the slapd.conf I have so far, but it does nothing
more than proxying a subtree from the Novell eDirectory server, while
mapping some selected attributes. (it configures for simple binds and
clear text passwords, but this is only for testing)
Regards,
Heiko Noordhof
~~~~~~~ slapd.conf ~~~~~~~
# slapd.conf - Minimal
# Global Options
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
loglevel 256
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload back_ldap
moduleload rwm
access to dn=""
        by * read
access to attrs=userPassword
        by self write
        by * auth
access to *
        by * read
# LDAP proxy database
#
database ldap
protocol-version 3
uri "ldap://ldap.example.nl/"
suffix "o=example,c=nl"
# Rewrite overlay
#
overlay rwm
rwm-map objectClass ndsLoginProperties
rwm-map attribute cn *
rwm-map attribute sn *
rwm-map attribute givenName *
rwm-map attribute initials *
rwm-map attribute mail *
rwm-map attribute title *
rwm-map attribute telephoneNumber *
rwm-map attribute l *
rwm-map attribute postalCode *
rwm-map attribute postalAddress *
rwm-map attribute ou *
rwm-map attribute homeDirectory *
rwm-map attribute uidNumber *
rwm-map attribute gidNumber *
rwm-map attribute uid *
rwm-map attribute *
~~~~~~~~~~~~~EOF~~~~~~~~~~~~