Hello,

We want to update our old OpenLDAP server from 2.1.x to 2.4.x, but the current
configuration does not use a regular suffix (o=foo,c=bar nor dc=foo,dc=bar) but
uses an empty suffix ("").

We want to move away from the empty suffix as we cannot use cn=monitor or any
additional suffixes, as they cannot bind when a suffix "" is in use in an hdb
database:

<suffix> namingContext "o=..." already served by a preceding hdb database serving namingContext ""

We still have some old applications which use an empty search base and
implicitly query the union of o=A and o=B stored within the same ldbm database.

To maintain backward compatibility we set up a meta backend to merge the two
local DITs under suffix "".

The side effect of the meta backend with ldap://localhost is the increase in the
number of open TCP connections to slapd, which are eating "thread" connections
for "nothing". The number of "threads" in use is linked to the number of
suffixmassage directives used in the meta backend (2 in our case). We want to
try to avoid increasing by two the number of threads in use to maintain
backward compatibility.

Do you know an alternative way to merge two local DITs without using the meta
backend? Can we use the relay/ldap backend with the rwm overlay instead of
using the meta backend?

database        meta
suffix          ""
uri             "ldap://localhost/o=test1"
suffixmassage   "o=test1" "o=test1"
uri             "ldap://localhost/o=test2"
suffixmassage   "o=test2" "o=test2"


Thank you for your help.

Best Regards,
Guy Baconniere.



CURRENT CONFIG (slapd 2.1.x)
suffix ""
database ldbm
rootdn "cn=manager"
directory "/var/lib/ldap"
# o=test1, o=test2, cn=manager are stored within the same ldbm database

CURRENT LDAPSEARCH  (slapd 2.1.x)
ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
dn: o=test1
dn: o=test2
dn: cn=manager


TEST CONFIG WITH BACKWARD COMPATIBILITY (slapd 2.4.x)
database hdb
suffix "o=test1"
rootdn "cn=admin,dc=test3,dc=com"
directory "/var/lib/ldap/test1"

database hdb
suffix "o=test2"
rootdn "cn=admin,dc=test3,dc=com"
directory "/var/lib/ldap/test2"

database hdb
suffix "dc=test3,dc=com"
rootdn "cn=admin,dc=test3,dc=com"
directory "/var/lib/ldap/dc=test3,dc=com"

database relay
suffix "cn=manager"
overlay rwm
rwm-rewriteEngine on
rwm-suffixmassage "cn=manager" "cn=manager,o=admin"
rwm-normalize-mapped-attrs yes

database        meta
suffix          ""
uri             "ldap://localhost/o=test1"
suffixmassage   "o=test1" "o=test1"
uri             "ldap://localhost/o=test2"
suffixmassage   "o=test2" "o=test2"

LDAPSEARCH WITHOUT META BACKEND (slapd 2.4.x)
ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
No such object (32)

LDAPSEARCH WITH META BACKEND (slapd 2.4.x)
ldapsearch -LLL -h localhost -p 389 -x -b '' -s one '(objectclass=*)' '1.1'
dn: o=test1
dn: o=test2

OPENLDAP LOGS SHOWING THE LOCAL CONNECTIONS OF META BACKEND
slapd[29622]: conn=11 fd=37 ACCEPT from IP=127.0.0.1:33680 (IP=0.0.0.0:389)
slapd[29622]: conn=11 op=0 BIND dn="" method=128
slapd[29622]: conn=11 op=0 RESULT tag=97 err=0 text=
slapd[29622]: conn=11 op=1 SRCH base="" scope=1 deref=0 filter="(objectClass=*)"
slapd[29622]: conn=11 op=1 SRCH attr=1.1
slapd[29622]: conn=8 op=3 SRCH base="o=test1" scope=0 deref=0 filter="(objectClass=*)"
slapd[29622]: conn=8 op=3 SRCH attr=1.1
slapd[29622]: conn=8 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[29622]: conn=9 op=3 SRCH base="o=test2" scope=0 deref=0 filter="(objectClass=*)"
slapd[29622]: conn=9 op=3 SRCH attr=1.1
slapd[29622]: conn=9 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[29622]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
slapd[29622]: conn=11 op=2 UNBIND
slapd[29622]: conn=11 fd=37 closed
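
An added example, not part of the original message: a Python sketch that correlates the log excerpt above, pairing the client search on base "" with the searches that start and finish on other connections while it is still open. It assumes, as a heuristic, that such nested searches are the meta backend's proxied requests (on a busy server unrelated searches can fall inside the window); `meta_fanout`, `backend_connections` and `SAMPLE_LOG` are names chosen here.

```python
import re

# Constructed sample: the slapd log excerpt from the post, wrapped lines rejoined.
SAMPLE_LOG = """\
slapd[29622]: conn=11 fd=37 ACCEPT from IP=127.0.0.1:33680 (IP=0.0.0.0:389)
slapd[29622]: conn=11 op=0 BIND dn="" method=128
slapd[29622]: conn=11 op=0 RESULT tag=97 err=0 text=
slapd[29622]: conn=11 op=1 SRCH base="" scope=1 deref=0 filter="(objectClass=*)"
slapd[29622]: conn=11 op=1 SRCH attr=1.1
slapd[29622]: conn=8 op=3 SRCH base="o=test1" scope=0 deref=0 filter="(objectClass=*)"
slapd[29622]: conn=8 op=3 SRCH attr=1.1
slapd[29622]: conn=8 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[29622]: conn=9 op=3 SRCH base="o=test2" scope=0 deref=0 filter="(objectClass=*)"
slapd[29622]: conn=9 op=3 SRCH attr=1.1
slapd[29622]: conn=9 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[29622]: conn=11 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
slapd[29622]: conn=11 op=2 UNBIND
slapd[29622]: conn=11 fd=37 closed
"""

# Matches the start of a search (with its base) or its final result line.
LINE_RE = re.compile(r'conn=(\d+) op=(\d+) (SRCH base="([^"]*)"|SEARCH RESULT)')

def meta_fanout(log_text, front_base=""):
    """Map each (conn, op) search on front_base to the (conn, op, base)
    searches on other connections that start and finish while it is open."""
    open_front, pending, result = {}, {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        if m.group(3).startswith("SRCH"):
            if m.group(4) == front_base:
                open_front[key] = []                      # client-facing search begins
            else:
                pending[key] = (m.group(4), list(open_front))
        elif key in open_front:
            result[key] = open_front.pop(key)             # client-facing search done
        elif key in pending:
            base, parents = pending.pop(key)
            for parent in parents:                        # attribute to still-open parents
                if parent in open_front:
                    open_front[parent].append(key + (base,))
    return result

def backend_connections(log_text):
    """Distinct connection ids carrying the nested (proxied) searches."""
    return {c for subs in meta_fanout(log_text).values() for c, _, _ in subs}

if __name__ == "__main__":
    print(meta_fanout(SAMPLE_LOG), backend_connections(SAMPLE_LOG))
```

On the excerpt this attributes two extra connections (conn=8 and conn=9) to the single client search on conn=11, matching the two uri/suffixmassage targets in the meta configuration.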
