> Hello, > >> You can do this just fine. I do it in all my installs. >> You simply need to declare them in the right order. I.e., you must >> declare monitor, etc before the empty suffix. > > I did not realize that the order was important. > > Thank you very much ! > > > For meta backend it can be a good add-on feature to avoid > generating a tcp connection to connect to localhost as the > relay backend does. > > People may not realise that for one client connection to a > meta DB the server is generating N parallels tcp connections > (equal to the number of suffixmassage) to the target server > (localhost). It will reach easily the default 32 threads > on the ldap server. > > Then if you increase the number of thread you will get > "warning, threads=128 larger than twice the default (2*16=32); YMMV." > > If found another kind of "issue" with meta with localhost > that it will act as a ldap client connecting to it self > and you may skip the fact that it needs to have full read > credential. Even if you connect with ldapsearch as super > user (cn=admin,..) on a meta DIT you will not get a full > access to the tree because the "client" by default is > anonymous so it has restricted ACL.
Everything you just realized is documented. However, you didn't realize that if back-meta were redesigned to short-circuit local calls like back-relay does, operations performed that way would no longer be concurrent, because internal calls are synchronous. As a consequence, your specialized back-meta would be nothing but a gluing of a mix of back-relay and other backends using the "subordinate" directive. p.