Hello Ondřej,
Le 21/03/2025 à 12:14, Ondřej Kuzník a écrit :
On Fri, Mar 21, 2025 at 10:16:09AM +0100, David Coutadeur wrote:
I am working on a use case when I want an openldap meta server to balance requests on multiple backends according to the bindDN of the incoming user.
I succeeded to do this with a meta + rwm configuration as showed below: [...] This is working well, but all operations are returned with the real backend suffix, which can be disturbing for the client application.
I'd like the bind and search results to be rewritten with the virtual suffix (removing dc=directory1 or dc=directory2 part)
I have tried using these server->client rewrite contexts: searchEntryDN, searchAttrDN, matchedDN, or referralDN, but they don't seem to be called.
Hi David, I assume you mean the contexts mentioned in slapo-rwm manpage when it comes to suffixmassage? That should work.
Yes, I am using the contexts mentionned in slapo-rwm man page.
One precision : I have loaded all the rules in the overlay rwm before any database definition, otherwise the rules where not applied.
Note that the suffixmassage is exactly what I want to do, but suffixmassage alone is not able to direct my request to one backend or the other according to the binddn.
My own experience with rwm is very limited, others might have more and better advice here, but one thing that stands out to me is that since you're not using rwm to decide which DB is going to serve the request, you can just move the rewriting rules into the meta's own context and I would hope that helps things out if stuff wasn't being connected right.
I started to do that, but unfortunately the rewriterules where never called.
Thanks for your help anyway :)
Regards,