The Meta Back End

The LDAP back end provides your OpenLDAP server with the capabilities of a proxy server, and two additional back ends deliver rewrite and masquerading abilities that complete the proxy OpenLDAP server. The meta back end is compiled with the configure instruction

 --enable-met 

The meta back end requires the rewrite engine code to be compiled, which is achieved with the instruction

 --enable-rewrit 

The meta hack end extends the functionality of the LDAP (proxy) back end, and they also share pieces of source code. You must compile the LDAP back end in the OpenLDAP executable. Following is the shell script that prepares OpenLDAP for compilation:

 #!/usr/bin/sh # # Name           : ConfigLdapServer.sh # Author         : Reinhard E. Voglmaier # Date           : 27.04.2003 # Version        : 2.1 # Description    : Configure OpenLDAP compilation/installation # # Server Name, used later in the configure switches Server=proxy Main=ldap CC=gcc                                                        \ CPPFLAGS="-I/usr/local/BerkeleyDB.4.1/include"                \ LDFLAGS="-L/usr/local/BerkeleyDB.4.1/lib"                     \ ./configure                                                   \   --bindir=/usr/local/${Server}/bin                           \   --sbindir=/usr/local/${Server}/sbin                         \   --libexecdir=/usr/local/${Server}/libexec                   \   --libdir=/usr/local/${Server}/lib                           \   --localstatedir=/usr/local/${Server}/var                    \   --sysconfdir=/usr/local/$(Server)/etc                       \   --mandir=/usr/local/${Main)/man                             \   --includedir=/usr/local/${Main}/include                     \   --datadir=/usr/local/$Main)/share                           \   --disable-bdb                                               \   --enable-rewrite                                            \   --enable-ldap                                               \   --enable-meta 

What is the difference between the proxy back end enabled with mod-ldap and the meta back end? The mod-ldap proxy back end is intended for proxying with one proxy only. The meta back end allows you to proxy to more than one LDAP server. It also helps you in masquerading the traffic between the actual LDAP servers and the clients. This means that the client has no idea which LDAP server answers its requests, nor how this LDAP server is configured. You will wonder why hiding this information can be useful. Imagine you use the proxy server on the Internet as the entry point for a directory used also for protected information. Using a proxy server that hides information from outside entry helps to protect this information. The view given to the users coming from outside disables any unauthorized request to the directory server that holds the information.

If you need more information about the meta back end, look at the manual pages of OpenLDAP distributed with the source text of the OpenLDAP distribution.