On 04/24/2013 07:45 AM, Hummel, Wolfgang wrote:
Hello OpenLDAP community,
we are currently planning for a largescale directory with
1 Bio. entries in a single namespace.
The idea is to divide the DB in 10 equal sized DBs and let them access by slapd-meta proxies.
Example: dn: ou=rsp1,c=de,o=mno entries with uid=79101234567890, 79101234567891 etc. 791 is always fix
In our scenario each server would have 100 Mio. entries using the last digit of uid as a naturally even balanced distribution mechanism.
Here are the questions:
- is slapd-meta a feasible approach for this scenario ?
- how could the slapd.conf for the proxy look like ?
Here is a (non working) example with 2 backend servers. What is wrong about it ? ... moduleload back_meta moduleload back_ldap ... ####################################################################### # Meta database ####################################################################### database meta suffix " ou=rsp1,c=de,o=mno" dncache-ttl forever lastmod off rootdn "cn=admin,ou=rsp1,c=de,o=mno" rootpw secret network-timeout 1 uri "ldap://10.11.12.170/ ou=rsp1,c=de,o=mno" rewriteEngine on #rewriteContext searchFilterAttrDN rewriteContext searchFilter rewriteRule '^uid=[0-9]{11}1,.*' 'ldap://10.11.12.170/%0' ':@' uri "ldap://10.11.12.180/ ou=rsp1,c=de,o=mno" rewriteEngine on #rewriteContext searchFilterAttrDN rewriteContext searchFilter rewriteRule '^uid=[0-9]{11}2,.*' 'ldap://10.11.12.180/%0' ':@'
This syntax is not valid. Assuming the uid is in the DN of your entries, an option is to use something like (oversimplified)
database meta suffix " ou=rsp1,c=de,o=mno"
uri "ldap://10.11.12.170/ou=rsp1,c=de,o=mno" subtree-include dn.regex="^uid=[0-9]+0,ou=rsp1,c=de,o=mno$"
uri "ldap://10.11.12.180/ou=rsp1,c=de,o=mno" subtree-include dn.regex="^uid=[0-9]+1,ou=rsp1,c=de,o=mno$"
uri "ldap://10.11.12.190/ou=rsp1,c=de,o=mno" subtree-include dn.regex="^uid=[0-9]+2,ou=rsp1,c=de,o=mno$"
and so on.
p.