
Re: ITS#6475



<masarati@aero.polimi.it> wrote:

> Please test.  p.

It works, but needs an adjustment to the master ACL. My basic
configuration yields me this at OTP bind on the replica:
ldap_sasl_interactive_bind_s: Bad parameter to an ldap routine (-9)

replica slapd logs:

conn=1001 op=0 RESULT tag=103 err=50 text=
SASL [conn=1001] Failure: Error putting OTP secret
send_ldap_result: conn=1001 op=0 p=3
send_ldap_result: err=80 matched="" text="SASL(-1): generic failure:
Error putting OTP secret"

This has been fixed on the master, by adding this at the beginning of
the ACL:

access to * attrs=cmusaslsecretOTP
    by dn.regex="cn=replica,o=test" write stop
    by * break


Another point: bind on the replica is impossible when the master is
down. I understand this is to prevent replaying the same OTP on multiple
replicas, but that defeats the purpose of setting up replicas for fail
over. What about making the behavior configurable?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
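As an added example (not part of this thread), the same master-side rule with an exact DN match and an explicit rule for everyone else: an unanchored `dn.regex` like the one above also matches any DN that merely contains `cn=replica,o=test` as a substring. The replica DN and the attribute name are taken from the message; the `by anonymous auth` clause assumes slapd evaluates its own SASL secret lookup under the connection's (pre-bind, anonymous) identity with `auth` privilege, as it does for `userPassword`.

```conf
# slapd.conf on the master (added example, not the poster's config).
# Only the replica identity may write the OTP secret; the SASL lookup
# that slapd performs during an OTP bind is assumed to need "auth"
# access as anonymous; nobody else gets anything, not even read.
access to attrs=cmusaslsecretOTP
    by dn.exact="cn=replica,o=test" write
    by anonymous auth
    by * none

# Later rules never reach cmusaslsecretOTP: the rule above ends
# evaluation for that attribute ("stop" is the default).
access to *
    by * read
```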