[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-meta



Hi,

     dn: olcDatabase={3}meta,cn=config
     objectClass: olcDatabaseConfig
     objectClass: olcMetaConfig
     olcDatabase: {3}meta
     olcSuffix: dc=loc1,dc=root
     olcSuffix: dc=loc2,dc=root
     olcSuffix: dc=loc3,dc=root

I've never used meta backend, but the above doesn't look valid to me
(multiple suffixes).  The man page shows a single suffix, with URI
directives for additional representations of the DB.

Indeed, you can only have one olcSuffix. This is the suffix under which your source URIs will be presented. I'm running a meta backend with the following configuration:

I have two source servers, first and second. Both have a subtree ou=people,ou=mydomain. The trees are combined on the meta server under the new suffix ou=newsuffix,dc=mydomain as ou=apeople and ou=bpeople.

dn: olcDatabase={1}meta, cn=config
olcDatabase: {1}meta
olcSuffix: ou=newsuffix,dc=mydomain
objectClass: olcDatabaseConfig
objectClass: olcMetaConfig

dn: olcMetaSub={0}uri, olcDatabase={1}meta, cn=config
olcDbURI: "ldap://first.source.server/ou=apeople,ou=newsuffix,dc=mydomain";
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbRewrite: {0}suffixmassage "ou=apeople,ou=newsuffix,dc=mydomain"
 "ou=people,dc=mydomain"
olcDbIDAssertBind: mode=none
 flags=override,prescriptive,proxy-authz-critical
 bindmethod=simple
 binddn="cn=myadmin"
 credentials="secret"
 starttls=yes
 tls_cert="/etc/openldap/certs/mycert.pem"
 tls_key="/etc/openldap/certs/mycert.key"
 tls_cacert="/etc/openldap/cacerts/cacerts.pem"
 tls_cacertdir="/etc/openldap/cacerts"
 tls_reqcert=demand

dn: olcMetaSub={1}uri, olcDatabase={1}meta, cn=config
olcDbURI: "ldap://second.source.server/ou=bpeople,ou=newsuffix,dc=mydomain";
objectClass: olcMetaTargetConfig
olcMetaSub: {1}uri
olcDbRewrite: {0}suffixmassage "ou=bpeople,ou=newsuffix,dc=mydomain"
 "ou=people,dc=mydomain"
olcDbIDAssertBind: mode=none
 flags=override,prescriptive,proxy-authz-critical
 bindmethod=simple
 binddn="cn=myadmin"
 credentials="secret"
 starttls=yes
 tls_cert="/etc/openldap/certs/mycert.pem"
 tls_key="/etc/openldap/certs/mycert.key"
 tls_cacert="/etc/openldap/cacerts/cacerts.pem"
 tls_cacertdir="/etc/openldap/cacerts"
 tls_reqcert=demand

Hope this helps.
Dirk

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature