> Hello,
>
> We want to update our old OpenLDAP server from 2.1.x to 2.4.x but the
> current configuration does not use a regular suffix (o=foo,c=bar nor
> dc=foo,dc=bar) but uses an empty suffix ("").
>
> We want to move away from empty suffix as we cannot use cn=monitor or any
> additional suffixes as they can not bind when a suffix "" is in use in a
> hdb database:
>
> <suffix> namingContext "o=..." already served by a preceding hdb database
> serving namingContext ""

Of course, you can't configure a database with non-null suffix after one with null suffix:

    database xxx
    suffix ""

    database yyy
    suffix "cn=non-null"

this is invalid, since "" is more general than anything else. But you can always do

    database yyy
    suffix "cn=non-null"

    database xxx
    suffix ""

because any DN is less general than "".

Does this solve your problem?

p.

> We still have some old applications which are using empty search base and
> query implicitly the union of o=A and o=B stored within the same ldbm
> database.
>
> To maintain the backward compatibility we did a meta backend to merge the
> two local DITs under suffix "".
>
> The side effect of meta backend with ldap://localhost is the increase of
> the number opened tcp connection to slapd which are eating "thread"
> connections for "nothing".
> The number of "thread" in use is linked to the number of suffixmassage
> used in meta backend (2 in our case). We want to try to avoid increasing
> by two the number of threads in use to maintain the backward compatibility.
>
> Do you know an alternative way to merge two local DITs without using meta
> backend ?
> Can we use relay/ldap backend with rwm overlay instead of using meta
> backend ?
>
> database meta
> suffix ""
> uri "ldap://localhost/o=test1"
> suffixmassage "o=test1" "o=test1"
> uri "ldap://localhost/o=test2"
> suffixmassage "o=test2" "o=test2"
>
>
> Thank you for your help.
>
> Best Regards,
> Guy Baconniere.
>
>
> CURRENT CONFIG (slapd 2.1.x)
> suffix ""
> database ldbm
> rootdn "cn=manager"
> directory "/var/lib/ldap"
> # o=test1, o=test2, cn=manager are stored within the same ldbm database
>
> CURRENT LDAPSEARCH (slapd 2.1.x)
> ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
> dn: o=test1
> dn: o=test2
> dn: cn=manager
>
>
> TEST CONFIG WITH BACKWARD COMPATIBILITY (slapd 2.4.x)
> database hdb
> suffix "o=test1"
> rootdn "cn=admin,dc=test3,dc=com"
> directory "/var/lib/ldap/test1"
> database hdb
> suffix "o=test2"
> rootdn "cn=admin,dc=test3,dc=com"
> directory "/var/lib/ldap/test2"
> database hdb
> suffix "dc=test3,dc=com"
> rootdn "cn=admin,dc=test3,dc=com"
> directory "/var/lib/ldap/dc=test3,dc=com"
> database relay
> suffix "cn=manager"
> overlay rwm
> rwm-rewriteEngine on
> rwm-suffixmassage "cn=manager" "cn=manager,o=admin"
> rwm-normalize-mapped-attrs yes
> database meta
> suffix ""
> uri "ldap://localhost/o=test1"
> suffixmassage "o=test1" "o=test1"
> uri "ldap://localhost/o=test2"
> suffixmassage "o=test2" "o=test2"
>
> LDAPSEARCH WITHOUT META BACKEND (slapd 2.4.x)
> ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
> No such object (32)
>
> LDAPSEARCH WITH META BACKEND (slapd 2.4.x)
> ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
> dn: o=test1
> dn: o=test2
>
> OPENLDAP LOGS SHOWING THE LOCAL CONNECTIONS OF META BACKEND
> slapd[29622]: conn=11 fd=37 ACCEPT from IP=127.0.0.1:33680 (IP=0.0.0.0:389)
> slapd[29622]: conn=11 op=0 BIND dn="" method=128
> slapd[29622]: conn=11 op=0 RESULT tag=97 err=0 text=
> slapd[29622]: conn=11 op=1 SRCH base="" scope=1 deref=0 filter="(objectClass=*)"
> slapd[29622]: conn=11 op=1 SRCH attr=1.1
> slapd[29622]: conn=8 op=3 SRCH base="o=test1" scope=0 deref=0 filter="(objectClass=*)"
> slapd[29622]: conn=8 op=3 SRCH attr=1.1
> slapd[29622]: conn=8 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> slapd[29622]: conn=9 op=3 SRCH base="o=test2" scope=0 deref=0 filter="(objectClass=*)"
> slapd[29622]: conn=9 op=3 SRCH attr=1.1
> slapd[29622]: conn=9 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
> slapd[29622]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
> slapd[29622]: conn=11 op=2 UNBIND
> slapd[29622]: conn=11 fd=37 closed
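
Added example, not part of the original thread and not OpenLDAP code: a small pre-flight check for the ordering rule described in the reply, flagging any database whose suffix is already covered by an earlier database's suffix. The function names and the simplified DN normalization are assumptions of this sketch; the sample inputs are constructed from the two orderings shown in the reply.

```python
import shlex

def parse_databases(conf_text):
    """Return [(backend, [suffixes])] in file order from slapd.conf-style text."""
    dbs = []
    for raw in conf_text.splitlines():
        tokens = shlex.split(raw, comments=True)  # honours quotes and '#' comments
        if len(tokens) < 2:
            continue
        key = tokens[0].lower()
        if key == "database":
            dbs.append((tokens[1], []))
        elif key == "suffix" and dbs:
            dbs[-1][1].append(tokens[1])
    return dbs

def norm_dn(dn):
    # Simplification (assumption): case-fold and trim around commas;
    # escaped commas and attribute aliases are not handled.
    return ",".join(part.strip() for part in dn.lower().split(","))

def is_served_by(dn, suffix):
    """True if dn equals suffix or lies below it; "" is above every DN."""
    dn, suffix = norm_dn(dn), norm_dn(suffix)
    return suffix == "" or dn == suffix or dn.endswith("," + suffix)

def find_shadowed(conf_text):
    """List (backend, suffix, earlier_backend, earlier_suffix) conflicts."""
    seen, conflicts = [], []
    for backend, suffixes in parse_databases(conf_text):
        for suffix in suffixes:
            for earlier_backend, earlier_suffix in seen:
                if is_served_by(suffix, earlier_suffix):
                    conflicts.append((backend, suffix, earlier_backend, earlier_suffix))
                    break
            seen.append((backend, suffix))
    return conflicts

# Constructed inputs: the two orderings written out in the reply.
BAD_ORDER = 'database xxx\nsuffix ""\n\ndatabase yyy\nsuffix "cn=non-null"\n'
GOOD_ORDER = 'database yyy\nsuffix "cn=non-null"\n\ndatabase xxx\nsuffix ""\n'

if __name__ == "__main__":
    for name, text in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(name, find_shadowed(text))
```
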
