Hello everyone,
I have set up two slapd instances in mirror mode. As described in the documentation I used another slapd instance with ldap backend to proxy the requests and provide failover capabilities in case one of the upstream servers becomes unavailable.
Now I have the curious situation, that the proxy correctly forwards the search request from a client to the upstream server but doesn't return the result. I can see in the log that the upstream server responds with one entry:
SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.001134 nentries=1
The proxy however does not forward this result to the client:
SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.001730 nentries=0
The client (ldapsearch for test purposes) then gives me the following result:
# search result search: 2 result: 0 Success
I don't understand what I did wrong. I imported the correct schema into the proxy instance, my config of the ldap backend on the proxy is as follows:
# {2}ldap, config dn: olcDatabase={2}ldap,cn=config objectClass: olcDatabaseConfig objectClass: olcLdapConfig olcDatabase: {2}ldap olcSuffix: ROOT_SUFFIX_OF_UPSTREAM_DIRECTORY olcDbURI: ldap://openldap-test-0.ldap-test:1389,ldap://openldap-test-1.ldap-test:1389
Does anyone know how to solve this?
Some help would be appreciated greatly.
Thanks in advance and kind regards
Sven
Hello Sven,
Did you set ACL that allow reply to be send to client on the proxy ldap instance ? I had same issue with META proxy ldap type before I set these ACL.
Brgds, Jean-Luc.
On 7 Jun 2023, at 16:23, Sven Feyerabend Sven.Feyerabend@stuvus.uni-stuttgart.de wrote:
Hello everyone,
I have set up two slapd instances in mirror mode. As described in the documentation I used another slapd instance with ldap backend to proxy the requests and provide failover capabilities in case one of the upstream servers becomes unavailable.
Now I have the curious situation, that the proxy correctly forwards the search request from a client to the upstream server but doesn't return the result. I can see in the log that the upstream server responds with one entry:
SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.001134 nentries=1
The proxy however does not forward this result to the client:
SEARCH RESULT tag=101 err=0 qtime=0.000034 etime=0.001730 nentries=0
The client (ldapsearch for test purposes) then gives me the following result:
# search result search: 2 result: 0 Success
I don't understand what I did wrong. I imported the correct schema into the proxy instance, my config of the ldap backend on the proxy is as follows:
# {2}ldap, config dn: olcDatabase={2}ldap,cn=config objectClass: olcDatabaseConfig objectClass: olcLdapConfig olcDatabase: {2}ldap olcSuffix: ROOT_SUFFIX_OF_UPSTREAM_DIRECTORY olcDbURI: ldap://openldap-test-0.ldap-test:1389,ldap://openldap-test-1.ldap-test:1389
Does anyone know how to solve this?
Some help would be appreciated greatly.
Thanks in advance and kind regards
Sven
openldap-technical@openldap.org
-
Jean-Luc Bourguignon -
Sven Feyerabend