
Re: error in modifying subordinate entries



Rakesh Yadav wrote:

I want to establish communication between two LDAP servers at different machines.
For this I have used "ref attribute of ldap"; by using this attribute, I am

Not sure what you mean, but I presume you're using the LDAP referral mechanism.


able to retrieve entries of second LDAP server. Means I can read or search
entries of second server from first LDAP server.

But the problem comes when I want to modify any attribute of an entry of
second server from the first server.

Definitely I am having some access permissions related error.

Here I am attaching slapd.conf files of both LDAP servers.

*First Server* *slapd.conf:*

(snip)

access to * by * write

^^^ not a wise policy, I hope it's just for testing. In any case you can't have any access privilege issue with it. Granted.



--------------------------------------------------------------------------------------------------------------------------------

*Second server's slapd.conf:*

(snip)

access to * by * write

^^^ same as above

-----------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------

*FIRST LDAP SERVER DN*:

fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in

where *test_ref* is having *ref* attribute

dn: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
objectClass: referral
objectClass: extensibleObject
fn: test_ref
ref: ldap://192.168.5.243/fn=test_ref,dc=cdac,dc=in


*NOW SECOND LDAP SERVER is having DN*:

dn: fn=test1,fn=test_ref,dc=cdac,dc=in


Now I want to delete "*fn=test1,fn=test_ref,dc=cdac,dc=in*" this entry. I have used LDAP command line tool "*ldapdelete*" and executed this tool on *first LDAP machine*.

Then the result of command is:

[root@tapti LDIF]# ldapdelete -x -h "tapti" -D "cn=Manager,dc=cdac,dc=in" \
"fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in" -w "secret"
ldap_delete: Referral (10)
        matched DN: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
        referrals:
                ldap://192.168.5.243/fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in

This is the expected behavior: ldapdelete provides no means to automatically chase referrals.


p.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it
-----------------------------------
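
Since ldapdelete returns the referral instead of following it, the client has to repeat the operation at the referred server itself. The sketch below is an added example, not part of the original message or of OpenLDAP: it parses the Referral (10) output quoted above and builds the follow-up ldapdelete command only when the target host is on an allowlist, because following a referral re-sends the bind credentials to that host. `TRUSTED_SERVERS`, `parse_referrals` and `build_follow_up` are hypothetical names, and reusing the same bind DN on the second server is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample input: the ldapdelete result quoted in the message above.
SAMPLE_OUTPUT = """\
ldap_delete: Referral (10)
        matched DN: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
        referrals:
                ldap://192.168.5.243/fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
"""

# Assumption: hosts this client may send its bind DN and password to.
TRUSTED_SERVERS = {"192.168.5.243"}


def parse_referrals(output):
    """Return (scheme, host, port, dn) for each URL in a Referral (10) result."""
    if "Referral (10)" not in output:
        return []
    refs = []
    for url in re.findall(r"ldaps?://\S+", output):
        parts = urlsplit(url)
        # RFC 4516: the DN is the URL path, percent-encoded.
        dn = unquote(parts.path.lstrip("/"))
        refs.append((parts.scheme, parts.hostname, parts.port, dn))
    return refs


def build_follow_up(output, bind_dn, trusted=TRUSTED_SERVERS):
    """Build the ldapdelete argv that repeats the delete at the referred server.

    Raises ValueError when there is no referral or no referral target is
    trusted: following one re-sends the bind credentials to that host.
    """
    refs = parse_referrals(output)
    if not refs:
        raise ValueError("no referral in output")
    for scheme, host, port, dn in refs:
        if host in trusted and dn:
            uri = f"{scheme}://{host}" + (f":{port}" if port else "")
            # -W prompts for the password rather than exposing it in argv.
            return ["ldapdelete", "-x", "-H", uri, "-D", bind_dn, "-W", dn]
    raise ValueError("referral target is not a trusted server")


if __name__ == "__main__":
    print(" ".join(build_follow_up(SAMPLE_OUTPUT, "cn=Manager,dc=cdac,dc=in")))
```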