Hello,
Having some basic experience with OpenLDAP, things like overlays and non-db backends are new to me.
I'm trying to configure slapd in such a way that:
- it proxies filtered user-accounts (objectClass=posixAccount) from Novell eDirectory (NDS).
- stores some search and bind results locally like the pcache overlay.
- But, unlike pcache, it only uses the locally stored ("cached") when the backend (Novell) server is down/unreachable.
I've been through the slapo-* and slapd-* man pages trying to find or construct a solution. It is possible to do re-writes in the frontend, in order to direct bind requests to another backend-server than search-requests. But is it possible to stack overlays in such a way that an ldap-request goes to another server (or backend) on error or on timeout?
I am running
Hope it is clear what I am trying to achieve (and I hope there is some way). Thanks in advance for any help.
Below this mail is the slapd.conf I have so far, but it does nothing more than proxying a subtree from the Novell eDirectory server, while mapping some selected attributes. (it configures for simple binds and clear text passwords, but this is only for testing)
Regards,
Heiko Noordhof
~~~~~~~ slap.conf ~~~~~~~
# slapd.conf - Minimal

# Global Options
#
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

loglevel 256
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args

modulepath /usr/lib/ldap
moduleload back_hdb
moduleload back_ldap
moduleload rwm

access to dn=""
    by * read

access to attrs=userPassword
    by self write
    by * auth

access to *
    by * read

# LDAP proxy database
#
database ldap
protocol-version 3
uri "ldap://ldap.example.nl/"
suffix "o=example,c=nl"

# Rewrite overlay
#
overlay rwm
rwm-map objectClass ndsLoginProperties
rwm-map attribute cn *
rwm-map attribute sn *
rwm-map attribute givenName *
rwm-map attribute initials *
rwm-map attribute mail *
rwm-map attribute title *
rwm-map attribute telephoneNumber *
rwm-map attribute l *
rwm-map attribute postalCode *
rwm-map attribute postalAddress *
rwm-map attribute ou *
rwm-map attribute homeDirectory *
rwm-map attribute uidNumber *
rwm-map attribute gidNumber *
rwm-map attribute uid *
rwm-map attribute *
~~~~~~~~~~~~~EOF~~~~~~~~~~~~
openldap-software@openldap.org