
Re: Referral -> insufficient access



At 07:12 PM 9/2/99 +0200, Frédéric Poels wrote:
>I am running slapd 1.2.6 on two AIX machines, replicating from one to another.
>Replication works fine from Master to Slave. Changes applied to the Master
>are replicated to the slave. Changes applied to the slave return an
>"Insufficient access" error.

Changes to the slave should be referred to the master.  The
client should automatically chase this referral.  However,
many clients (including OpenLDAP ldap* tools) do not support
rebind when simple bind is in use.  This is a security feature.

As OpenLDAP 1.x only implements simple bind, all of the
provided clients do not rebind when chasing referrals.

When using the command line tools which may modify the
directory, it's best to use the -R option and then manually
chase the referral by reissuing the command to the
appropriate server.

You are, of course, welcome to hack up the clients to support
rebinding...  (I would welcome patches that implement rebind
in a manner that provided adequate transmission of credentials
to an unintended server).

Kurt
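
One way a client could decide whether to resend simple-bind credentials when a slave refers a write elsewhere, as an added example that is not part of the original message or of OpenLDAP's code. The allow-list, the hostnames and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed policy (constructed hostnames): the only servers this client may
# send simple-bind credentials to when a slave refers a write elsewhere.
TRUSTED_MASTERS = {("master.example.com", 389)}


def referral_target(url):
    """Parse an LDAP referral URL into (host, port); raise ValueError if unusable."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    if not parts.hostname:
        raise ValueError("referral names no host: %r" % url)
    default_port = 636 if parts.scheme == "ldaps" else 389
    # parts.port raises ValueError itself when the port is not numeric.
    port = parts.port if parts.port is not None else default_port
    return parts.hostname, port


def chase_decision(url, trusted=TRUSTED_MASTERS):
    """Decide what to do with a referral returned for a write operation.

    Returns ("rebind", host, port) when the referred server is one we trust
    with the bind DN and password, otherwise ("manual", reason): stop, show
    the referral to the operator, and send no credentials anywhere.
    """
    try:
        host, port = referral_target(url)
    except ValueError as exc:
        return ("manual", str(exc))
    if (host, port) not in trusted:
        return ("manual", "untrusted referral target %s:%d" % (host, port))
    return ("rebind", host, port)


if __name__ == "__main__":
    # Constructed referral URLs, as a slave might return them.
    for sample in (
        "ldap://master.example.com/dc=example,dc=com",
        "ldap://master.example.com@other.example.net/dc=example,dc=com",
        "ldap://other.example.net:389/dc=example,dc=com",
        "ldap:///dc=example,dc=com",
    ):
        print(sample, "->", chase_decision(sample))
```

The second sample shows why the host is taken from the parsed URL rather than matched as a substring: the text before `@` is userinfo, and the server actually named is `other.example.net`.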