[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-meta as a proxy for a monolithic namespace

To: openldap-technical@openldap.org
Subject: Re: slapd-meta as a proxy for a monolithic namespace
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Wed, 24 Apr 2013 09:12:13 +0200
In-reply-to: <65599359C3745F41A3111B9A3EDDB8A81103F48E@G1W3641.americas.hpqcorp.net>
References: <65599359C3745F41A3111B9A3EDDB8A81103F48E@G1W3641.americas.hpqcorp.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5

On 04/24/2013 07:45 AM, Hummel, Wolfgang wrote:

Hello OpenLDAP community,

we are currently planning for a largescale directory with

1 Bio. entries in a single namespace.


The idea is to divide the DB in 10 equal sized DBs and let
them access by slapd-meta proxies.

Example:
dn: ou=rsp1,c=de,o=mno
entries with uid=79101234567890, 79101234567891 etc.
791 is always fix

In our scenario each server would have 100 Mio. entries
using the last digit of uid as a naturally even balanced distribution mechanism.

Here are the questions:

- is slapd-meta a feasible approach for this scenario ?
- how could the slapd.conf for the proxy look like ?

Here is a (non working) example with 2 backend servers.
What is wrong about it ?
...
moduleload      back_meta
moduleload      back_ldap
...
#######################################################################
# Meta database
#######################################################################
database meta
suffix " ou=rsp1,c=de,o=mno"
dncache-ttl forever
lastmod off
rootdn "cn=admin,ou=rsp1,c=de,o=mno"
rootpw secret
network-timeout 1
uri    "ldap://10.11.12.170/ ou=rsp1,c=de,o=mno"
rewriteEngine on
#rewriteContext searchFilterAttrDN
rewriteContext searchFilter
rewriteRule '^uid=[0-9]{11}1,.*' 'ldap://10.11.12.170/%0' ':@'
uri    "ldap://10.11.12.180/ ou=rsp1,c=de,o=mno"
rewriteEngine on
#rewriteContext searchFilterAttrDN
rewriteContext searchFilter
rewriteRule '^uid=[0-9]{11}2,.*' 'ldap://10.11.12.180/%0' ':@'

This syntax is not valid. Assuming the uid is in the DN of yourentries, an option is to use something like (oversimplified)


database meta
suffix " ou=rsp1,c=de,o=mno"

uri "ldap://10.11.12.170/ou=rsp1,c=de,o=mno";
subtree-include dn.regex="^uid=[0-9]+0,ou=rsp1,c=de,o=mno$"

uri "ldap://10.11.12.180/ou=rsp1,c=de,o=mno";
subtree-include dn.regex="^uid=[0-9]+1,ou=rsp1,c=de,o=mno$"

uri "ldap://10.11.12.190/ou=rsp1,c=de,o=mno";
subtree-include dn.regex="^uid=[0-9]+2,ou=rsp1,c=de,o=mno$"

and so on.

p.

--
Pierangelo Masarati
Associate Professor
Dipartimento di Scienze e Tecnologie Aerospaziali
Politecnico di Milano

References:
- slapd-meta as a proxy for a monolithic namespace
  - From: "Hummel, Wolfgang" <wolfgang.hummel@hp.com>

Prev by Date: Re: slapd-meta as a proxy for a monolithic namespace
Next by Date: hdb and mdb dereferencing aliases differently
Index(es):
- Chronological
- Thread