20081115 a slapd meta configuration - plembo/onemoretech GitHub Wiki

title: A slapd-meta configuration link: https://onemoretech.wordpress.com/2008/11/15/a-slapd-meta-configuration/ author: lembobro description: post_id: 429 created: 2008/11/15 05:51:50 created_gmt: 2008/11/15 05:51:50 comment_status: open post_name: a-slapd-meta-configuration status: publish post_type: post

A slapd-meta configuration

Just wanted to quickly note down a couple of things to document some configuration work I've been doing with OpenLDAP's slapd-ldap (proxy) and slapd-meta backends. Both do basically the same thing, provide a virtual directory that can be used to transform entries at the attribute level, as well as to massage entry dn's when necessary.

database        meta
suffix          "o=example,c=US"
uri             "ldap://ldap.example.com/ou=home,o=example,c=US"
suffixmassage   "ou=home,o=example,c=US" "ou=people,dc=example,dc=com"
acl-authcDN     "cn=manager,dc=example,dc=com
acl-passwd      secret

What this configuration results in is an OpenLDAP meta server that translates an entry like "uid=test,ou=People,dc=example,dc=com" into the entry "uid=test,ou=home,o=example,c=US" The directives are pretty much as they appear in a slapd-proxy slapd.conf, although some older code has made it necessary, for backward compatibility, to maintain some older terminology like "suffixmassage" rather than "rwm-suffixmassage". I've abandoned any hope of getting either slapd-meta or slapd-ldap to solve the biggest problem I face in a heterogeneous computing environment -- applications that can't navigate complex directory hierarchies. There are a lot of them out there. From major publishers. The really difficult thing about trying to work with these features, and OpenLDAP in general, is the really poor state of the product documentation (a shortcoming shared with many commercial products). At one point while experimenting mapping the complex directory structure on the Sun Directory at work to a much "flatter" space I hit a wall. First contact with the OpenLDAP Software list seemed promising, but then list moderator I was interacting with -- one of the OpenLDAP core team members -- became impatient and cut off the discussion as "requiring too much effort" on his part1. I found the exchange simply astounding and haven't bothered to go back on that list since. 1 My best guess was that there was some weirdness in how slapd-meta interacted with Sun's peculiar implementation of referrals in a multi-master environment.

Copyright 2004-2019 Phil Lembo