[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: updateref not working

To: Sean Hussey <seanhussey@gmail.com>
Subject: Re: updateref not working
From: Pierangelo Masarati <ando@sys-net.it>
Date: Mon, 20 Mar 2006 22:04:25 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <c89c8a510603201107n57b9f663nac39e7c6f6956606@mail.gmail.com>
References: <c89c8a510603011006j56dc88edobcdce532c82f1310@mail.gmail.com> <44060F63.6040803@stanford.edu> <c89c8a510603011417q10fceddcqe4b784a36c351f6e@mail.gmail.com> <440628C9.6050707@stanford.edu> <c89c8a510603071424k58fd5b6du1de48de5ca84a9cb@mail.gmail.com> <88C340914775BC0A3BFEC1A5@cadabra-sw.stanford.edu> <c89c8a510603201107n57b9f663nac39e7c6f6956606@mail.gmail.com>

On Mon, 2006-03-20 at 14:07 -0500, Sean Hussey wrote:
> Sorry, my question re-posed to the list--
> 
> Does OpenLDAP's ldapmodify follow referrals?  I can't seem to get it
> to work.  When trying to modify the userPassword against any of our
> child servers, it will say "modify complete," but the userPassword
> attribute is not changed on the master:
> 
> $  ldapmodify -D "uid=testerguy,ou=people,dc=company,dc=com" -h
> "ldapchild"  -x -W -v -f testerguy.ldif
> ldap_initialize( ldap://ldapchild )
> Enter LDAP Password:
> replace userPassword:
>        {MD5}*****==
> modifying entry "uid=testerguy,ou=people,dc=company,dc=com"
> modify complete
> ldap_modify: Referral (10)
>        referrals:
>                ldap://ldapmaster/uid=testerguy,ou=people,dc=company,dc=com
> 
> $
> 
> The password is not changed on the master, however.

OpenLDAP tools don't chase referrals by design.  Some of them can chase
referrals anonymously, and this in most cases is not going to work for
writes.  When you get a referral, you're supposed to cut'n'paste the URL
into the -H option (and anywhere else appropriate) in your command line
and re-execute the command (that is: they're very simple tools that do
not provide esoteric features like guessing what credentials one might
want to disveal while automatically chasing a referral, or prompting for
them).

As per the message you get, returning a referral is a perfectly valid
LDAP means to honor an operation, and it should not be seen as an error
(in fact, some return codes different from success, like referral and
others are called "response codes" rather than "error codes").  So, from
an LDAP perspective, performing the write and returning a referral are
both successful ways to honor a request, although, of course, they have
different implications.

If you want to use your slaves as write entry points, you should have a
look at test032 and slapo-chain(5) (2.3 only).

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

References:
- updateref not working
  - From: "Sean Hussey" <seanhussey@gmail.com>
- Re: updateref not working
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: updateref not working
  - From: "Sean Hussey" <seanhussey@gmail.com>
- Re: updateref not working
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: updateref not working
  - From: "Sean Hussey" <seanhussey@gmail.com>

Prev by Date: Re: updateref not working
Next by Date: Re: updateref not working
Index(es):
- Chronological
- Thread