I finally made it !
I simply used slapd-ldap instead of slapd-meta !
Thank you nevertheless to Pierangelo
Dominique
-----Message d'origine----- De : Dominique VOLPE [mailto:dominique.volpe@libertysurf.fr] Envoyé : dimanche 29 octobre 2006 18:46 À : 'Pierangelo Masarati' Cc : 'openldap-software@openldap.org' Objet : RE: Problem with slapd-meta
I have five branches in my meta directory. I mentioned only one to simplify the message.
The client begins every search (whatever the search criteria) with this request : Oct 29 19:34:22 localhost slapd[2181]: conn=14 op=1 SRCH base="o=mydomain,c=fr" scope=0 deref=0 filter="(objectClass=*)" Oct 29 19:34:22 localhost slapd[2181]: conn=14 op=1 SRCH attr=objectClass
In a meta drirectory, this cannot works. Accordind to the "man" : The only operation that may resolve to multiple targets is a search with scope at least "one", which results in spawning searches to the targets.
I am looking for a work-around. I have tested all possibilities for several days, in vain.
Grazie
Dominique
-----Message d'origine----- De : Pierangelo Masarati [mailto:ando@sys-net.it] Envoyé : dimanche 29 octobre 2006 17:13 À : Dominique VOLPE Cc : openldap-software@openldap.org Objet : Re: Problem with slapd-meta
Dominique VOLPE wrote:
Hi,
I try to install a meta directory.
My slapd.conf looks like that :
database meta suffix "o=mydomain,c=fr" rootdn "cn=Manager,o=mydomain,c=fr" rootpw secret lastmod off
uri "ldap://xxxxx/ou=persons,o=mydomain,c=fr" suffixmassage "ou=persons,o=mydomain,c=fr" "ou=org1,o=mydomain,c=fr"
When I search an address whith my email client, I can see in the log :
conn=5 op=1 SRCH base="o=mydomain,c=fr" scope=0 deref=0 filter="(objectClass=*)" conn=5 op=1 SRCH attr=objectClass daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL request 1 done conn=5 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
It tries to list all objectclasses, but it uses the scope "base" (scope=0) instead of "sub" (scope=2). Thus, it produces an error.
Has anybody already met this problem and did find a solution?
I think I could do it with rewrite rules, but I didn't find how to substitute the scope.
The scope of a search is automatically handled by slapd-meta to deal with matching the request with what the targets are supposed to handle, there's no way you can explicitly modify the scope of asearch. However, your issue occurs well before any rewriting takes place.
In your slapd.conf you configure the meta database so that it can handle requests in the "o=mydomain,c=fr" naming context; then, you configure the only target in a manner that it can only deal with requests in the "ou=persons,o=mydomain,c=fr" branch of that naming context. As the client searches for "o=mydomain,c=fr" with a scope of "base", it means that the client really wants only that very entry, which your meta database can't answer. Either you configure the target so that it can return that very entry, or you configure your client to request what the database can actually return.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
Dominique VOLPE wrote:
I finally made it !
I simply used slapd-ldap instead of slapd-meta !
Just out of curiosity: how can you handle multiple targets with back-ldap?
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
For my tests, at home, I just setup a single target. Now, I have a doubt. Indeed, the "man" page does not say that multiple targets are allowed.
D.
-----Message d'origine----- De : Pierangelo Masarati [mailto:ando@sys-net.it] Envoyé : dimanche 29 octobre 2006 20:38 À : Dominique VOLPE Cc : openldap-software@openldap.org Objet : Re: Problem with slapd-meta
Dominique VOLPE wrote:
I finally made it !
I simply used slapd-ldap instead of slapd-meta !
Just out of curiosity: how can you handle multiple targets with back-ldap?
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: pierangelo.masarati@sys-net.it ------------------------------------------
openldap-software@openldap.org