
Re: replicate to a DX-View(X500DAP, X500DSP) Server



> Hello,
>
> we have in our company an application which relies centrally on an
> X500DAP,X500DSP Server. This Server can be queried via the
> LDAP-Protocol, but I don't know if it supports also ldapadd, ldapmodify
> and so on...
>
> Every decentral location should have also a Directory with the same
> content. But every location should administer and modify its content by
> its own. (its branch in the tree). Since I'm using here Openldap and
> don't want to give it away I'm looking for a way to replicate my
> content to this server.
>
> So I installed an ldapmaster which replicates via slurpd to an
> ldapproxy, which should give it to a third ldap-server. As I modified an
> attribute on the ldapmaster I get the following message from my
> ldapproxy:
>
> RESULT tag=103 err=19 text=entryCSN: no user modification allowed
> Feb 27 15:19:36 lxlki108 ldapproxy[20161]: conn=0 op=2 MOD dn="cn=by
> augsburg pi 8,ou=BY,o=POL,c=DE"
>
> What am I doing wrong? Are there other possibilities? The second step
> is to get LDAP-Requests from the central server ( for other branches) to
> my LDAP-Proxy which should give it to my ldapproxy which should pass
> that values, operations to my ldapmaster.

You're replicating thru a back-ldap, I assume (a thing I never tried),
and apparently the proxy is not allowing operational attribute
modification.

You can either add an updatedn to the proxy, to make it believe
it's a replica, but then only the updatedn would be allowed to
perform write operations; or you may strip operational attributes
from replication, by using

replica host=host # more replication options ...
      attr!=structuralObjectClass,entryUUID,creatorsName,createTimestamp
      attr!=entryCSN,modifiersName,modifyTimestamp,subschemaSubentry
      attr!=hasSubordinates

(I think I'll add an alias for operational ...)

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
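
The effect of the attr!= exclusion suggested above, as an added example that is not part of the original message and not slurpd's own code: a Python filter that removes operational-attribute modifications from one LDIF modify record. The sample record is constructed (only the DN is taken from the log line in the thread), and strip_operational is a hypothetical name.

```python
# Attribute names copied from the replica directive in the message above.
OPERATIONAL = {a.lower() for a in (
    "structuralObjectClass", "entryUUID", "creatorsName", "createTimestamp",
    "entryCSN", "modifiersName", "modifyTimestamp", "subschemaSubentry",
    "hasSubordinates",
)}
MOD_OPS = ("add", "replace", "delete")

# Constructed sample record; only the DN comes from the log line in the thread.
SAMPLE = """\
dn: cn=by augsburg pi 8,ou=BY,o=POL,c=DE
changetype: modify
replace: description
description: constructed value
-
replace: entryCSN
entryCSN: CONSTRUCTED-CSN-VALUE
-
replace: modifiersName
modifiersName: cn=constructed-admin,o=POL,c=DE
-
"""


def strip_operational(record):
    """Drop operational-attribute mods; return None if nothing is left."""
    header, blocks, current = [], [], None
    for line in record.strip().splitlines():
        key = line.split(":", 1)[0].strip().lower()
        if current is None and ":" in line and key in MOD_OPS:
            current = [line]              # "replace: attr" opens a mod block
        elif current is None:
            header.append(line)           # dn: and changetype: lines
        elif line.strip() == "-":
            blocks.append(current)        # "-" closes the block
            current = None
        else:
            current.append(line)          # value line of the open block
    if current:
        blocks.append(current)            # tolerate a missing final "-"
    # "replace: entryCSN" -> "entrycsn"; ignore any ";option" suffix
    kept = [b for b in blocks
            if b[0].split(":", 1)[1].strip().split(";")[0].lower()
            not in OPERATIONAL]
    if not kept:
        return None                       # nothing user-modifiable to replicate
    return "\n".join(header + [l for b in kept for l in b + ["-"]]) + "\n"
```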