[389-users] ldap proxy and entry-based chaining: writing a plugin?

[Rich Megginson]

On 06/15/2011 09:27 AM, Roberto Polli wrote:
> Hi all, just a question.
>
> Does 389 provide a proxy functionality that can be used to identify
> immediately the right server to match?
>
> In case it's not supported, is it possible to develop a 389 plugin to manage
> it? Once developed, are you interested in merge that feature in the 389
> upstream?
>
>
> Imagine the following configuration:
> U - user
> P - ldap proxy with two chained server:
> * R1- real server 1
> * R2 - real server 2
>
>
> Actually when U issue a search,  on P forwards it on both the chained server.
>
> I'd like to know if there's a plugin or some sort of dynamic  configuration
> that can be used to redirect the search directly on the right server using
> some further information provided (eg. regex&  co).
There is no plugin that can do this.  The directory server has what's 
called an Entry Distribution plugin API.  This gives the plugin the 
ability to determine which backend to send an operation to.  If the 
backend is a chaining backend, then this allows the plugin to determine 
which ldap server to send the operation to.  Replication chain-on-update 
uses this feature to send search requests to the local backend and 
update requests to a master.  There are some sample plugins in the 
source code.
> Here's a standard use case.
> 1- DIT:
>   o=company, ou=italy, { dc=domain1.it, dc=domain2.it, dc=domain3.it}
>   o=company, ou=france, { dc=domain1.fr, dc=domain2.fr, dc=domain3.fr}
>
> 2- Each county is managed by one cluster. The proxy is configured with two
> dblink/chain:
> ou=italy ->cluster1
> ou=france->cluster2
>
> 3- the search is done on the proxy using one attribute "mail=user at domain1.it"
>
> 4- I'd like that all domain matching .it$ are searched first on cluster1, and
> conversely if matching .fr$ on cluster2
>
>
> Obviously if you're interested I'll clarify.
>
> Peace,
> R.