[email protected] wrote: > Full_Name: Bastien Bonnefon > Version: 2.4.39 > OS: CentOS 7 > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (194.2.202.93) > > > Hi, > > I have installed openldap as meta directory to request multiple Active > Directory. > I have managed to install and make it work with dynamic configuration or > slapd.conf. > But one of the applications accessing the directory needs paged results due to > the large amount of entries returned. > > So I've searched and found the directive "client-pr", which seems to have been > enabled since this case : > http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=6664;page=4 > > The directive is also dcribibed in the slapd-meta man page : > http://www.openldap.org/software/man.cgi?query=slapd-meta&apropos=0&sektion=0&manpath=OpenLDAP+2.4-Release&format=html
Looking at the ITS history, it appears that this code was released in January 2011 but in fact, the released code is not actually enabled. (It is behind an #ifdef LDAP_DEVEL mask.) Most likely a mistake was made in releasing it at that time, since I see no actual test feedback in the ITS. If you want to test this you will have to compile back-meta yourself, and edit back-meta.h to make sure SLAPD_META_CLIENT_PR gets defined instead of being hidden. Please then send your test results as a followup to ITS#6664. > However, enabling the feature in slapd.conf (I just can't in olc format) > doesn't > work. Syslog shows this : > "unknown directive <client-pr> inside backend database definition" > > I've started testing with CentOS 7 and package openldap 2.4.39 > I've then tried with Debian Wheezy and Ubuntu 14.04 (package slapd 2.4.31) > I've also tried installing openldap from the source with the version 2.4.24 > (client-pr should have been enabled in this version due to ITS#6664) => no way > :/ > > I think I've declared the directive as specified in the man page but maybe I > miss something. I have not found any other report on the web on how to use > "client-pr". > Thank you for your help. > > > Here is my slapd.conf > > # Include > include /etc/ldap/schema/core.schema > include /etc/ldap/schema/cosine.schema > include /etc/ldap/schema/inetorgperson.schema > include /etc/ldap/schema/nis.schema > > pidfile /var/run/slapd/slapd.pid > argsfile /var/run/slapd/slapd.args > > # Modules > moduleload back_ldap.la > moduleload back_meta.la > > # Database meta > database meta > suffix "dc=meta,dc=local" > > rootdn "cn=Manager,dc=meta,dc=local" > rootpw secret_password1 > > # First directory > uri "ldap://192.168.0.1/ou=test1,dc=meta,dc=local"; > client-pr accept-unsolicited > lastmod off > suffixmassage "ou=test1,dc=meta,dc=local" "dc=test1,dc=local" > idassert-bind bimemethod=simple > binddn="cn=openldap,OU=users,OU=TEST,dc=test1,dc=local" > credentials="secret_password2" > mode=none > flags=non-prescriptive > idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local" > chase-referrals no > acl-authcDN cn=openldap,OU=users,OU=TEST,dc=test1,dc=local > acl-passwd secret_password2 > > # Second Directory > uri "ldap://192.168.0.2/ou=test2,dc=meta,dc=local"; > client-pr accept-unsolicited > lastmod off > suffixmassage "ou=test2,dc=meta,dc=local" ,%c=test2,dc=local" > idassert-bind bindmethod=simple > binddn="cn=openldap,OU=users,OU=TEST,dc=test2,dc=local" > credentials="secret_password3" > mode=none > flags=non-prescriptive > idassert-authzFrom "dn.exact:cn=Manager,dc=meta,dc=local" > chase-referrals no > acl-authcDN "cn=openldap,OU=users,OU=TEST,dc=test2,dc=local" > acl-passwd secret_password3 > > > idletimeout 1800 > > > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
