On Fri, Mar 21, 2025 at 10:16:09AM +0100, David Coutadeur wrote:
I am working on a use case when I want an openldap meta server to balance requests on multiple backends according to the bindDN of the incoming user.
I succeeded to do this with a meta + rwm configuration as showed below: [...] This is working well, but all operations are returned with the real backend suffix, which can be disturbing for the client application.
I'd like the bind and search results to be rewritten with the virtual suffix (removing dc=directory1 or dc=directory2 part)
I have tried using these server->client rewrite contexts: searchEntryDN, searchAttrDN, matchedDN, or referralDN, but they don't seem to be called.
Hi David, I assume you mean the contexts mentioned in slapo-rwm manpage when it comes to suffixmassage? That should work.
My own experience with rwm is very limited, others might have more and better advice here, but one thing that stands out to me is that since you're not using rwm to decide which DB is going to serve the request, you can just move the rewriting rules into the meta's own context and I would hope that helps things out if stuff wasn't being connected right.
Regards,