[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: database meta question

To: "D'Arcy Smith" <ds.bcit@gmail.com>
Subject: Re: database meta question
From: Pierangelo Masarati <ando@sys-net.it>
Date: Sat, 25 Aug 2007 09:54:30 +0200
Cc: openldap-software@openldap.org
In-reply-to: <895af5c0708242306l2adff160j3fe6a49ce48f2bbc@mail.gmail.com>
References: <895af5c0708242306l2adff160j3fe6a49ce48f2bbc@mail.gmail.com>
User-agent: Mail/News 1.5.0.8 (X11/20061210)

D'Arcy Smith wrote:

> I am having a terrible time trying to get the meta backend to work
> with my setup.  If I do not have meta things work as expected.  As
> soon as I add the meta backend thing go south.

What version of OpenLDAP are you using?

> Partial slapd.conf:
> 
> database      ldap
> suffix        "o=a.y.x,o=y"
> uri           ldap://a.y.z:389/
> idassert-authzFrom "dn:*"
> idassert-bind bindmethod=simple
>  binddn="uid=foo,ou=people,o=a.y.z,o=y"
>  credentials="**********"
>  mode=none
> 
> database        bdb
> suffix          "o=b.y.z,o=bcit"
> checkpoint      32      30 # <kbyte> <min>

^^^ extra cruft after "#" (included) is invalid, as clearly indicated in
slapd.conf(5).  This is treated as an error in OpenLDAP 2.4 (finally!)

> rootdn          "cn=Manager,o=b.y.z,o=y"
> rootpw          {MD5}********==

rootpw can only be set when rootdn is within the naming context of the
database, as clearly indicated in slapd.conf(5), which is not the case
above.

> directory       /var/lib/openldap-data
> index   objectClass     eq
> 
> database            meta
> suffix                 "o=y.z,o=y"
> 
> uri                 "ldap://foo.bar.star:389/o=a.y.z,o=y";

^^^ this is not a valid back-meta URI, since the naming context
"o=a.y.z,o=y" is not within the naming context of the database, as
clearly stated in slapd-meta(5).

> rwm-rewriteEngine   on

^^^ this is not a valid slapd-meta(5) directive.  The "rwm-" prefix
clearly indicates it's related to slapo-rwm(5), which has not been
instantiated (nor it is required by slapd-meta(5)).

> rwm-rewriteContext  default
> twm-rewriteRule     "(.*)o=y.z,o=y" "%1o=a,y.z,o=y"
> rwm-rewriteContext  searchResult
> rwm-rewriteRule     "(.*)o=a.y.z,o=y" "%1o=y.z,o=y"
> rwm-map             attribute * *

^^^ same as above

> 
> uri                 "ldap://foo.bar.com:389/o=b.y.z,o=y";

^^^ same as above

> rwm-rewriteEngine   on
> rwm-rewriteContext  default
> twm-rewriteRule     "(.*)o=y.z,o=y" "%1o=b,y.z,o=y"
> rwm-rewriteContext  searchResult
> rwm-rewriteRule     "(.*)o=b.y.z,o=y" "%1o=y.z,o=y"
> rwm-map             attribute * *

^^^ same as above

> When I run slapd with -d -1 I get (in part):
> 
> config_back_db_open
> backend_startup_one: starting "o=a.y.z,o=y"
> ldap_back_db_open: URI=ldap://a.y.z:389
> backend_startup_one: starting "o=b.y.z,o=y"
> bdb_db_open: o=b.y.z,o=y
> bdb_db_open: dbenv_open(/var/lib/openldap-data)
> backend_startup_one: starting "o=y.z,o=y"
> meta_back_db_open: no targets defined
> backend_startup_one: bi_db_open failed! (1)
> 
> So, it seems that "meta" is finding no targets...

Clearly, the incorrect configuration above is screwing things.  Since
you didn't state what version of OpenLDAP you're using, there's no way I
can help.  Note that I'm not a magician, I just ran slaptest and noted
(and fixed) errors as they showed up.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------

Follow-Ups:
- Re: database meta question
  - From: "D'Arcy Smith" <ds.bcit@gmail.com>

References:
- database meta question
  - From: "D'Arcy Smith" <ds.bcit@gmail.com>

Prev by Date: Re: syncrepl with ssl
Next by Date: Re: syncrepl with ssl
Index(es):
- Chronological
- Thread