Re: ldap proxy resolution by rewriting in meta-backend

yamina wrote:

Hello, I want to use the "LDAP Proxy resolution" mode related in the "slapd-meta" man but I don't manage to make it works. I wonder if it is implemented yet because I saw a message dated Fri, 16 Jan 2004 17:09:10 +0100 in which the same problem is not solved.

That man page is a copy and paste from a white paper. That feature is a TODO and should be removed from the man page.

You might be able to obtain something like that by using a proxy that statically maps a given subtree to a given server. Something like

database relay suffix "dc=virtual" overlay rwm ...

rwm rules that rewrite the base DN of a search based on the contents of the filter (not a trivial rule, though) to a temporary DN like (uid=*-b) -> $BASEDN,dc=server1 (uid=*-c) -> $BASEDN,dc=server2 ...

Then add

database ldap suffix "dc=server1" overlay rwm rwm-rewriteEngine on rwm-rewiteContext searchDN rwm-rewriteRule "^(.+),dc=server1$" "$1" "@:" rwm-rewiteContext default

database ldap suffix "dc=server2" overlay rwm rwm-rewriteEngine on rwm-rewiteContext searchDN rwm-rewriteRule "^(.+),dc=server2$" "$1" "@:" rwm-rewiteContext default

...

and so on. The whole thing may need quite a bit of shakedown, and is going to be far from efficient, though.

p.