
Replication



Hello,

    I cannot figure out what I have done wrong in this replication
setup. I am using OpenLDAP v1.2.4 on both machines. edas03 has Linux
Red Hat v6.0; edas02 has Linux Red Hat v5.2.
    Changes to the master are replicated in the slave. Changes sent to
the slave are referred to the master, which rejects them as having
insufficient access.

    So. Why is the access insufficient? Does replication need some
special type of entry?


    The master LDAP (on host edas03) has these entries for replication:

replogfile	/usr/local/ldap/slapd.replog

database	ldbm
suffix		"dc=bbrown,dc=com"
directory	/usr/local/ldap/dbfiles
rootdn		"cn=root,dc=bbrown,dc=com"

replica 	host=edas02.bbrown.com
		binddn="cn=edas,dc=bbrown,dc=com"
		bindmethod=simple  credentials=echo


    The slave has these entries:

referral	ldap://edas03.bbrown.com

updatedn	"cn=edas,dc=bbrown,dc=com"
access to * by dn="cn=edas,dc=bbrown,dc=com" write


    The command
ldapmodify -h edas02 -D "cn=root,dc=bbrown,dc=com" -w secret < change.2

always gives this response:

modifying entry: <the dn of the entry>
ldap_modify: Insufficient access

Using debug shows that the command is referred to the master who
decides that there is insufficient access to change the entry. "root"
is insufficient?!?


    If I issue the command like this (change in the master):
ldapmodify -h edas03 -D "cn=root,dc=bbrown,dc=com" -w xxxx < change.2

the entry is modified in both the master and the slave, i.e., the change
is propagated to the slave.


    If I issue the command like this (change in the slave):
ldapmodify -h edas02 -D "cn=edas,dc=bbrown,dc=com" -w echo < change.2

the entry is modified in the slave ONLY since it sees the updatedn and
thinks the command is coming from the master.


    The dn "cn=edas,dc=bbrown,dc=com" exists in both databases with the
same password.
dn: cn=edas,dc=bbrown,dc=com
objectclass: top
objectclass: person
cn: edas
sn: bbrown.com
userpassword: echo


----[ change.2 ]------

dn: corbaRepositoryId=IDL:burr-brown.com/module/interface/, dc=bbrown, dc=com
changetype: modify
replace: corbaIor
corbaior: IOR:bogus ior, change to xxqqyyzy!...

Jim Moe
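
An added example, not part of the original post: a small Python check that parses the two slapd.conf fragments quoted above (continuation lines included) and reports whether the master's replica binddn is the slave's updatedn, whether the slave carries a referral, and whether replication uses a simple bind with the password in the config file. The `check` helper and its finding strings are hypothetical, and DNs are compared as case-insensitive strings, which is a simplification.

```python
import shlex

# Fragments copied from the post (master edas03, slave edas02).
MASTER = """\
replogfile /usr/local/ldap/slapd.replog
database ldbm
suffix "dc=bbrown,dc=com"
directory /usr/local/ldap/dbfiles
rootdn "cn=root,dc=bbrown,dc=com"
replica host=edas02.bbrown.com
    binddn="cn=edas,dc=bbrown,dc=com"
    bindmethod=simple credentials=echo
"""
SLAVE = """\
referral ldap://edas03.bbrown.com
updatedn "cn=edas,dc=bbrown,dc=com"
access to * by dn="cn=edas,dc=bbrown,dc=com" write
"""

def parse(text):
    """Return [(directive, [args])]; indented lines continue the previous one."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                      # skip blank lines and comments
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    return [(t[0].lower(), t[1:]) for t in map(shlex.split, logical)]

def check(master, slave):
    """Hypothetical helper: list inconsistencies between the two configs."""
    m, s = parse(master), parse(slave)
    updatedns = {a[0].lower() for d, a in s if d == "updatedn" and a}
    findings = []
    if not any(d == "referral" for d, _ in s):
        findings.append("slave: no referral to the master")
    for d, args in m:
        if d != "replica":
            continue
        kv = dict(a.split("=", 1) for a in args if "=" in a)
        host = kv.get("host", "?")
        if kv.get("binddn", "").lower() not in updatedns:
            findings.append(f"{host}: replica binddn is not the slave's updatedn")
        if kv.get("bindmethod") == "simple":
            findings.append(f"{host}: simple bind, password stored in slapd.conf")
    return findings

if __name__ == "__main__":
    print(check(MASTER, SLAVE))
```

For the configuration in the post, the binddn/updatedn pair and the referral are consistent, so the only finding is the simple bind with a stored password.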