[Date Prev][Date Next]
No referral send when using PasswdExtModify (rfc3062) to change passwd on slave (ITS#3036)
Full_Name: Wojtek Sczygiol
Submission from: (NULL) (188.8.131.52)
I have my posixAccount info stored on my ldap server (master.xyz) and use
syncrepl on my laptop (slave1.xyz) with "provider=ldaps://master.xyz", which BTW
On both hosts, pam_ldap & nss_ldap are configured to connect to 127.0.0.1 so I
can always login even when disconnected from master.xyz.
When I try to modify data on the slave I get a referral to "ldaps://master.xyz"
- as expected.
However, when I use ldappasswd to change a password on the slave, the extended
modify operation succeedes and the password is actually changed in the slave
dit. Some effect with passwd(1) using ldap backend: The password change
succeedes, the following (regular) modify operation on shadowLastChange fails
and gets the referral.
One should expect that _all_ operations that would alter the synchronized dit
fragment in any way should fail on the slave and _always_ return a referral.
(Maybe slapd should even log a warning when encountering ACLs that allow write
access to synchronized dit fragments on the slave.)