[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd-meta

To: openldap-technical@openldap.org
Subject: Re: slapd-meta
From: Dirk Kastens <dirk.kastens@uni-osnabrueck.de>
Date: Thu, 10 Mar 2016 14:45:56 +0100
In-reply-to: <56E13B1E.5080300@fr3ddie.it>
References: <5641CFB9.6030405@fr3ddie.it> <564B6A78.8000206@fr3ddie.it> <B86DF74A3A67FB202276375E@[192.168.1.9]> <56D5DE23.6060809@fr3ddie.it> <17B77E63A550B0A71E0A961C@[192.168.1.9]> <56E13B1E.5080300@fr3ddie.it>
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0

Hi,

     dn: olcDatabase={3}meta,cn=config
     objectClass: olcDatabaseConfig
     objectClass: olcMetaConfig
     olcDatabase: {3}meta
     olcSuffix: dc=loc1,dc=root
     olcSuffix: dc=loc2,dc=root
     olcSuffix: dc=loc3,dc=root


I've never used meta backend, but the above doesn't look valid to me
(multiple suffixes).  The man page shows a single suffix, with URI
directives for additional representations of the DB.

Indeed, you can only have one olcSuffix. This is the suffix under whichyour source URIs will be presented. I'm running a meta backend with thefollowing configuration:

I have two source servers, first and second. Both have a subtreeou=people,ou=mydomain. The trees are combined on the meta server underthe new suffix ou=newsuffix,dc=mydomain as ou=apeople and ou=bpeople.


dn: olcDatabase={1}meta, cn=config
olcDatabase: {1}meta
olcSuffix: ou=newsuffix,dc=mydomain
objectClass: olcDatabaseConfig
objectClass: olcMetaConfig

dn: olcMetaSub={0}uri, olcDatabase={1}meta, cn=config
olcDbURI: "ldap://first.source.server/ou=apeople,ou=newsuffix,dc=mydomain";
objectClass: olcMetaTargetConfig
olcMetaSub: {0}uri
olcDbRewrite: {0}suffixmassage "ou=apeople,ou=newsuffix,dc=mydomain"
 "ou=people,dc=mydomain"
olcDbIDAssertBind: mode=none
 flags=override,prescriptive,proxy-authz-critical
 bindmethod=simple
 binddn="cn=myadmin"
 credentials="secret"
 starttls=yes
 tls_cert="/etc/openldap/certs/mycert.pem"
 tls_key="/etc/openldap/certs/mycert.key"
 tls_cacert="/etc/openldap/cacerts/cacerts.pem"
 tls_cacertdir="/etc/openldap/cacerts"
 tls_reqcert=demand

dn: olcMetaSub={1}uri, olcDatabase={1}meta, cn=config
olcDbURI: "ldap://second.source.server/ou=bpeople,ou=newsuffix,dc=mydomain";
objectClass: olcMetaTargetConfig
olcMetaSub: {1}uri
olcDbRewrite: {0}suffixmassage "ou=bpeople,ou=newsuffix,dc=mydomain"
 "ou=people,dc=mydomain"
olcDbIDAssertBind: mode=none
 flags=override,prescriptive,proxy-authz-critical
 bindmethod=simple
 binddn="cn=myadmin"
 credentials="secret"
 starttls=yes
 tls_cert="/etc/openldap/certs/mycert.pem"
 tls_key="/etc/openldap/certs/mycert.key"
 tls_cacert="/etc/openldap/cacerts/cacerts.pem"
 tls_cacertdir="/etc/openldap/cacerts"
 tls_reqcert=demand

Hope this helps.
Dirk

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Re: slapd-meta
  - From: Fr3ddie <fr3ddie@fr3ddie.it>
- Re: slapd-meta
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: slapd-meta
  - From: Fr3ddie <fr3ddie@fr3ddie.it>

Prev by Date: Antw: Re: Experience with LDAP monitoring (cn=monitor)
Next by Date: Collaborative work of MirrorMode replication and LDAP Sync Replication
Index(es):
- Chronological
- Thread