Re: Can dynlist query from database hdb access entries in a database ldap on the same slapd?

Wed, 28 Mar 2012 11:26:09 -0700 

openldap 2.3 latest

the dynlist feature works when I change the database backend from ldap
to a bdb backend replica of the master.  That's unfortunate, I'd like
to not have to replicate the data to my local ldap box.

-judd

On Tue, Mar 27, 2012 at 3:30 PM, Judd Maltin <[email protected]> wrote:
> START slapd.conf:
>
> overlay         dynlist
> dynlist-attrset myGroupOfURLs myMemberURL
>
> # happy.net: I can query through this proxy just fine.
> database        ldap
> suffix          "dc=happy,dc=net"
> uri             "ldap://ldap1.lga6.us.happy.net";
> acl-bind        bindmethod=simple binddn="cn=replicant,ou=Service
> Accounts,dc=happy,dc=net" credentials=my!!replicant
>
> # happy.com: the following database has dc=happy,dc=com data in it already.
> database        hdb
> suffix          ""
> rootdn          "cn=Manager,dc=happy,dc=com"
> rootpw         secret
>
> directory       /var/lib/ldap
>
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> # indexes for replication
> index entryCSN,entryUUID                eq
>
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 200
>
> END slapd.conf
>
> START good dynlist entry
>
> dn: cn=admin2,ou=Groups,dc=happy,dc=com
> objectClass: posixGroup
> objectClass: top
> objectClass: myGroupOfURLs
> cn: admin2
> gidNumber: 20005
> myMemberURL: 
> ldap:///cn=sysadmins,ou=Groups,dc=happy,dc=com?memberUID?base?(objectClass=posixGroup)
>
> works great and populates my memberUID just great.
>
> END good dynlist entry
>
> START bad dynlist entry
> dn: cn=admin2,ou=Groups,dc=happy,dc=com
> objectClass: posixGroup
> objectClass: top
> objectClass: myGroupOfURLs
> cn: admin2
> gidNumber: 20005
> myMemberURL: 
> ldap:///cn=sysadmins,ou=Groups,dc=happy,dc=net?memberUID?base?(objectClass=posixGroup)
>
> FAILS no entries in memeberUID - it a naming context mixup because
> "suffix ''" above?
>
>
> --
> Judd Maltin
> T: 917-882-1270
> F: 501-694-7809
> A loving heart is never wrong.



-- 
Judd Maltin
T: 917-882-1270
F: 501-694-7809
A loving heart is never wrong.

Reply via email to