Tim Hartmann
2009-Jan-16 03:56 UTC
[Fedora-directory-users] LDAP Proxy in Fedora Directory Server
Hi

I've got a question on referrals and proxy in RHDS. I'm in mid migration from OpenLDAP and I ran into this stanza in the slapd.conf of the old replicas.

database ldap
suffix "cn=OracleContext,dc=school,dc=edu"
uri ldap://oidnames.sub.school.edu:8010/

From what I understand this is a proxy to one of our sister organization's LDAP servers (Sun Directory Server I think)

I've been trying to replicate this functionality in my RHDS installation, and so far I've not been able to. I've tried default referrals and that doesn't seem to work. I've tried to use smart referrals, but that doesn't seem to be the right usage for smart referrals.

Will RHDS / FDS do LDAP proxying? Is there some other way that I should set up referrals to allow this sort of functionality to work?

Thanks in advance for your help!

Tim
Rich Megginson
2009-Jan-16 04:05 UTC
Re: [Fedora-directory-users] LDAP Proxy in Fedora Directory Server
Tim Hartmann wrote:
> Hi
>
> I've got a question on referrals and proxy in RHDS. I'm in mid migration
> from OpenLDAP and I ran into this stanza in the slapd.conf of the old
> replicas.
>
> database ldap
> suffix "cn=OracleContext,dc=school,dc=edu"
> uri ldap://oidnames.sub.school.edu:8010/
>
> From what I understand this is a proxy to one of our sister
> organization's LDAP servers (Sun Directory Server I think)
>
> I've been trying to replicate this functionality in my RHDS
> installation, and so far I've not been able to. I've tried default
> referrals and that doesn't seem to work. I've tried to use smart
> referrals, but that doesn't seem to be the right usage for smart referrals.
>
> Will RHDS / FDS do LDAP proxying? Is there some other way that I should
> set up referrals to allow this sort of functionality to work?

Referrals might work, if all of your clients are smart enough to know how to follow them.

I suggest Chaining Database (aka Database Links) - http://www.redhat.com/docs/manuals/dir-server/ag/8.0/index.html

> Thanks in advance for your help!
>
> Tim
Tim Hartmann
2009-Jan-16 18:36 UTC
Re: [Fedora-directory-users] LDAP Proxy in Fedora Directory Server
Rich,

Thanks for the tip! So far that seems to be exactly what I need! I had to set nsProxiedAuthorization to "no" for my proxy to work, once I did that I started getting the expected results of my query!

I've set this up on one server, and I DO have a question about the best way to push this out to my replicas. Can Linking directories be replicated like other root suffixes, or should I be manually adding them to all the replicas? Can you set a replication agreement up for a Link/Chain at all, and if you can, should you?

Thanks! And thanks again for steering me in the right direction!

Tim
Rich Megginson
2009-Jan-16 19:43 UTC
Re: [Fedora-directory-users] LDAP Proxy in Fedora Directory Server
Tim Hartmann wrote:
> Rich,
>
> Thanks for the tip! So far that seems to be exactly what I need! I had
> to set
>
> nsProxiedAuthorization to "no" for my proxy to work, once I did that I
> started getting the expected results of my query!
>
> I've set this up on one server, and I DO have a question about the best
> way to push this out to my replicas. Can Linking directories be
> replicated like other root suffixes, or should I be manually adding them
> to all the replicas? Can you set a replication agreement up for a Link
> /Chain at all, and if you can, should you?

I'm not sure what you mean - do you mean replicate the definition of the database link? If so, then no, you cannot replicate cn=config. However, you can add the database link definition over LDAP, so you could easily script it with ldapmodify to add it to all of your replicas.

> Thanks! And thanks again for steering me in the right direction!
>
> Tim
Tim Hartmann
2009-Jan-16 20:05 UTC
Re: [Fedora-directory-users] LDAP Proxy in Fedora Directory Server
Rich Megginson wrote:
> I'm not sure what you mean - do you mean replicate the definition of
> the database link? If so, then no, you cannot replicate cn=config.
> However, you can add the database link definition over LDAP, so you
> could easily script it with ldapmodify to add it to all of your replicas.

Yup, I was asking if you could replicate the definition of the link!

Thanks! This is one more checkmark off my list of things that "MUST WORK!"

Thanks much!

Tim
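
The ldapmodify scripting suggested in the thread could look like the sketch below, an added example that is not from the thread or from the Directory Server project. It assumes OpenLDAP client tools, the database-link and mapping-tree entry layout described in the Administration Guide's chaining chapter (check attribute names against the guide for your version), and hypothetical names for the link, the remote bind account and the replica hosts; the suffix and remote URI are the ones quoted in the first message.

```shell
#!/bin/sh
# Added example. Suffix and remote URI come from the thread; the rest is assumed.
LINK_NAME="oraclecontext"                        # hypothetical link name
SUFFIX="cn=OracleContext,dc=school,dc=edu"
PARENT="dc=school,dc=edu"                        # assumed parent suffix
FARM_URL="ldap://oidnames.sub.school.edu:8010/"
REMOTE_BIND_DN="cn=chain-proxy,cn=config"        # hypothetical remote account
REPLICAS="ldap://replica1.example.edu ldap://replica2.example.edu"  # constructed

# Emit the two cn=config entries that define the link on one server.
# $1 = password of REMOTE_BIND_DN on the remote server
gen_link_ldif() {
cat <<EOF
dn: cn=$LINK_NAME,cn=chaining database,cn=plugins,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: $LINK_NAME
nsslapd-suffix: $SUFFIX
nsfarmserverurl: $FARM_URL
nsmultiplexorbinddn: $REMOTE_BIND_DN
nsmultiplexorcredentials: $1
nsProxiedAuthorization: off

dn: cn="$SUFFIX",cn=mapping tree,cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
cn: $SUFFIX
nsslapd-state: backend
nsslapd-backend: $LINK_NAME
nsslapd-parent-suffix: $PARENT
EOF
}

# cn=config is not replicated, so add the definition to each replica in turn.
# $1 = file holding the Directory Manager password (ldapmodify -y reads the
#      whole file, so no trailing newline); $2 = file with the remote password
push_link() {
    for uri in $REPLICAS; do
        gen_link_ldif "$(cat "$2")" |
            ldapmodify -x -a -H "$uri" -D "cn=Directory Manager" -y "$1" ||
            echo "FAILED: $uri" >&2
    done
}

# Usage: sh add-link.sh dm.pw remote.pw  (with no arguments nothing is sent)
if [ $# -eq 2 ]; then push_link "$1" "$2"; fi
```

With proxied authorization off, the remote server evaluates every chained operation as the link's bind DN, so that account's rights on the remote side bound what any local client can reach through the link. The remote URI in the thread is plain `ldap://`, so the link's bind credentials cross the network unencrypted unless the transport is protected some other way.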