> >> Chen, Shi Jun SLC CT PEK wrote:
> >>> I want to write an overlay "DirectForwarding" that does not do the LDAP
> >>> request in local back-bdb, but intercepts the request and forwards it to
> >>> a remote DSA.
> >>>
> > Howard Chu wrote:
> >> This sounds to me like just using back-ldap all by itself. Why do you
> >> think this needs to be an overlay?
>
> Yes, I can configure slapd.conf to use back-ldap as the backend
> database.
> But how can I make back-ldap select the server dynamically according
> to the concrete content of the LDAP request?
>
> For example, the entries are in the same sub-tree, but are divided in
> three remote DSAs (A, B & C). When the local DSA receives the request on
> entry resided in B, how to use back-ldap to route the request to DSA B?

If the remote DSAs are divided in a hierarchical manner (e.g. each of them contains a subtree of the common tree) you can use either back-meta or glued instances of back-ldap (see the "subordinate" directive in slapd.conf(5)). If entries are randomly interspersed in the remote DSAs, you can use back-meta; the overhead is that search requests will be broadcast to all remote servers even if the right one could be determined by some rule.

> Obviously, specifying DSA A, B & C in a single ldapurl argument will not
> work, for back-ldap just uses the first server of the list.

That's the intended behavior.

> And can I configure multiple back-ldap to achieve it? But there is a
> problem that these entries in A, B & C are in the same sub-tree and will
> have the same suffix.
>
> And another question: can we have other methods to specify the URIs
> instead of configuring them statically in slapd.conf?

It depends on what you mean. If you mean "dynamically" select the URI from a fixed pool, then you could define multiple back-ldap, each with its own separate suffix, and use some rewrite rule in a global slapo-rwm(5) to select the appropriate one based on the DN of the request. This might require two passes of DN rewriting in your specific cases: one prior to database selection, and one inside the database to restore the original DN. See slapo-rwm(5) for details.

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: [EMAIL PROTECTED]
------------------------------------------
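
The two layouts described in the reply above, written out as a slapd.conf example that is added here and is not part of the original message. The suffixes, host names and the database directory are placeholder assumptions, not values from the thread.

```conf
# Added example: all DNs, host names and paths below are placeholders.
#
# Layout 1: hierarchical split. Each remote DSA holds one subtree of
# dc=example,dc=com, so each gets its own back-ldap instance glued under
# the local database with "subordinate". Per slapd.conf(5), a database
# whose suffix lies inside another's must come first in the file.

database    ldap
suffix      "ou=A,dc=example,dc=com"
subordinate
uri         "ldap://dsa-a.example.com/"

database    ldap
suffix      "ou=B,dc=example,dc=com"
subordinate
uri         "ldap://dsa-b.example.com/"

database    ldap
suffix      "ou=C,dc=example,dc=com"
subordinate
uri         "ldap://dsa-c.example.com/"

# Local superior database holding the common root entry.
database    bdb
suffix      "dc=example,dc=com"
directory   /var/lib/ldap

# Layout 2: entries interspersed across A, B and C under one suffix.
# Use this INSTEAD of layout 1 (the suffix would otherwise clash).
# Every search is broadcast to all three targets, as the reply notes.
#
# database    meta
# suffix      "dc=example,dc=com"
# uri         "ldap://dsa-a.example.com/dc=example,dc=com"
# uri         "ldap://dsa-b.example.com/dc=example,dc=com"
# uri         "ldap://dsa-c.example.com/dc=example,dc=com"
```

With layout 1, slapd picks the back-ldap instance by the longest suffix matching the request DN, so a request for an entry under ou=B goes only to DSA B.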