On Wed, 2005-11-23 at 11:08 +0100, Jan-Piet Mens wrote: > On Tue Nov 22 2005 at 17:14:07 CET, Pierangelo Masarati wrote: > > > On Tue, 2005-11-22 at 10:30 +0100, Jan-Piet Mens wrote: > > > I'm using OpenLDAP 2.3.11 and I'd like to set up this server > > > to serve a single base (naming doesn't really matter) which > > > retrieves entries from a local BDB backend as well as a foreign > > > LDAP backend. > > > > [...] > > You made that faaaaar too complicated, and you don't (yet) need the rwm > > with back-meta: rwm capabilities are builtin; an example is provided in > > test035, however you may try this: > > > > <slapd.conf> > > database bdb > > suffix "dc=other,dc=com" > > # ... > > > > database meta > > suffix "dc=foo,dc=com" > > > > # remote, with builtin rewrite > > uri "ldap://localhost/ou=People,dc=foo,dc=com"; > > suffixmassage "ou=People,dc=foo,dc=com" "ou=People,dc=example,dc=com" > > map attribute ... > > map objectClass ... > > > > # local, with builtin rewrite > > uri "ldap://localhost/dc=foo,dc=com"; > > suffixmassage "dc=foo,dc=com" "dc=example,dc=com" > > </slapd.conf> > > > > Anyway, I suggest using back-ldap with global rwm. All of this will be > > simplified, some time. > > I can't get it to work (keep getting "<naming context> of URI does not > resolve to a backend"). > > The way I understand this is that a URI in back-meta must resolve to a > locally configured back-ldap; is that right?
No, it can resolve to any resource that is able to serve that URI. The typical application is with remote servers. I (or you?) might have mistyped something? The point is that the "DN" portion that appears in the first URI of each uri statement must resolve to the meta database; in the above example: <slapd.conf> database meta suffix "dc=foo,dc=com" # ... uri #0 uri "ldap://localhost/ou=People,dc=foo,dc=com"; # ... uri #1 uri "ldap://localhost/dc=foo,dc=com"; </slapd.conf> You see, the "DN" portion of both URIs is a subordinate of the suffix (well, one is the suffix itself). > What I want to do is to have a search base of e.g. o=RSC which points to > a back-bdb. One tree in that (ou=People,o=RSC) must be proxied in to > an internal OpenLDAP LDAP server (ou=People,dc=retail). What would be > the best way for me to do this? In your very case: <slapd.conf> database bdb suffix "o=RSC" database meta suffix "dc=virtual" # ... uri #0 uri "ldap://localhost/ou=People,dc=virtual"; suffixmassage "ou=People,dc=virtual" "ou=People,dc=retail" # ... uri #1 uri "ldap://localhost/dc=virtual"; suffixmassage "dc=virtual" "o=RSC" </slapd.conf> replace "dc=virtual" with whatever you like; if you want to use "o=RSC" instead of "dc=virtual", you need to use a different instance of slapd for the meta database. - o - o - o - As I said in my previous posting, you may still use gluing for a totally different setup this way: <slapd.conf> # global overlay: goes before any database overlay rwm rwm-suffixmassage "ou=People,o=RSC" "ou=People,dc=retail" # first database: proxy for people; gets rewritten database ldap suffix "ou=People,o=RSC" subordinate uri "ldap://localhost"; # main database: does not get rewritten # because rwm-suffixmassage rule does not match database bdb suffix "o=RSC" </slapd.conf> p. Ing. Pierangelo Masarati Responsabile Open Solution SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
