I'm currently using the following configuration for an application-specific LDAP directory to present a unified view of its local data (ou=localapp) and remote data (ou=people), all under dc=example,dc=com:
database hdb suffix ou=localapp,dc=example,dc=com # ...
database meta suffix dc=example,dc=com uri ldapi:///ou=localapp,dc=example,dc=com uri ldap://remoteldap.example.com/ou=people,dc=example,dc=com
The idea being that clients of this directory can simply set the base DN to dc=example,dc=com without needing to know which parts are local and which parts are pulled in remotely.
My understanding is that this approach incurs some overhead in going through the ldapi interface for each operation that ends up being performed on the local backend. Is it possible to eliminate that overhead through an alternate approach? I looked at back_relay, but couldn't get it to do what I wanted. I don't want to rewrite any of the suffixes -- I just want it to do exactly as above in the back-meta configuration, but replace "ldapi:///" with "internal-backend-api:///", as mentioned in this part of the back-relay docs: "back-relay bypasses the real database frontend operations by short-circuiting operations through the internal backend API".
Thanks,
-Kartik
On Tue, 17 Jul 2012, Kartik Subbarao wrote:
I'm currently using the following configuration for an application-specific LDAP directory to present a unified view of its local data (ou=localapp) and remote data (ou=people), all under dc=example,dc=com:
database hdb suffix ou=localapp,dc=example,dc=com # ...
database meta suffix dc=example,dc=com uri ldapi:///ou=localapp,dc=example,dc=com uri ldap://remoteldap.example.com/ou=people,dc=example,dc=com [...] local backend. Is it possible to eliminate that overhead through an alternate approach? I looked at back_relay, but couldn't get it to do what I wanted. I
If everything will be strictly confined to the two ou you stated, try http://www.openldap.org/lists/openldap-technical/201206/msg00166.html ... just change the first "meta" to "hdb" and tweak the suffix directives (e.g. back-null would be "dc=example,dc=com").
On 07/17/2012 11:13 AM, Aaron Richton wrote:
If everything will be strictly confined to the two ou you stated, try http://www.openldap.org/lists/openldap-technical/201206/msg00166.html ... just change the first "meta" to "hdb" and tweak the suffix directives (e.g. back-null would be "dc=example,dc=com").
Thanks for the quick response. I had had some nebulous experiences with the glue functionality in the past (and didn't understand it well), but looking into it now, I see that the subordinate/glue functionality is well documented. Thanks for the pointer!
-Kartik
openldap-technical@openldap.org
-
Aaron Richton -
Kartik Subbarao