9:32 a.m.
Hello all,
I'm been working with OpenLDAP in a metadirectory configuration -- I'm
using it to provide a merged view of two organization LDAP servers,
along with a local database to support "external collaborators" (that
is, people not otherwise affiliated with our organization). In my
limited testing it seems to be working reasonably well, but I'm not
sure I completely understand all the components. For example, I'm
unsure of the difference between this:
database meta
uri ldap://serverA.example.com/ou=A,o=organization
uri ldap://serverB.example.com/ou=B,o=organization
# ...necessary suffix massaging...
database hdb
suffix o=organization
And this:
database ldap
subordinate
suffix ou=A,o=organization
uri ldap://serverA.example.com
# ...rewriting...
database ldap
subordinate
suffix ou=B,o=organization
uri ldap://serverB.example.com
# ...rewriting...
database hdb
suffix o=organization
Both seem to provide the same behavior; a search against
o=organization will search all three directories. Is either
configuration preferable? Is one backend considered more stable than
the other? is there some subtle difference in behavior that I'm
missing? I'd appreciate your input.
Thanks,
-- Lars
11:38 a.m.
Hello all,
I'm been working with OpenLDAP in a metadirectory configuration -- I'm
using it to provide a merged view of two organization LDAP servers,
along with a local database to support "external collaborators" (that
is, people not otherwise affiliated with our organization). In my
limited testing it seems to be working reasonably well, but I'm not
sure I completely understand all the components. For example, I'm
unsure of the difference between this:
database meta
uri ldap://serverA.example.com/ou=A,o=organization
uri ldap://serverB.example.com/ou=B,o=organization
# ...necessary suffix massaging...
database hdb
suffix o=organization
And this:
database ldap
subordinate
suffix ou=A,o=organization
uri ldap://serverA.example.com
# ...rewriting...
database ldap
subordinate
suffix ou=B,o=organization
uri ldap://serverB.example.com
# ...rewriting...
database hdb
suffix o=organization
Both seem to provide the same behavior; a search against
o=organization will search all three directories. Is either
configuration preferable? Is one backend considered more stable than
the other? is there some subtle difference in behavior that I'm
missing? I'd appreciate your input.
slapd-ldap(5) and slapd-meta(5) share some of the code. slapd-ldap(5) is
usually few features ahead of slapd-meta(5). In general, slapd-meta(5)
supports between 90 and 99% of the features of slapd-ldap(5). The main
difference between the two setups you mentioned is in long searches that
span multiple targets. Slapd-meta(5) operates in parallel, i.e. searches
are spawn simultaneously on all pertinent targets, and results are dealt
with as soon as they come in. In a glued database layout, searches are
performed sequentially. This has nearly no impact for local storage,
while it can have a significant impact in the case of proxied remote
targets.
p.
10:44 a.m.
Slapd-meta(5) operates in parallel, i.e. searches
are spawn simultaneously on all pertinent targets, and results are dealt
with as soon as they come in. In a glued database layout, searches are
performed sequentially.
Thank you; that was an incredible useful answer, since one my
questions was about controlling the sequence in which backends are
searched. So you've saved me from a followup on that topic.
4320
days inactive
4322
days old
openldap-technical@openldap.org
2 comments
2 participants
participants (2)
-
Lars Kellogg-Stedman -
masarati@aero.polimi.it