[Date Prev][Date Next] [Chronological] [Thread] [Top]

No referral send when using PasswdExtModify (rfc3062) to change passwd on slave (ITS#3036)

To: openldap-its@OpenLDAP.org
Subject: No referral send when using PasswdExtModify (rfc3062) to change passwd on slave (ITS#3036)
From: ldapadmin@konvulsator.kicks-ass.org
Date: Tue, 23 Mar 2004 10:59:00 GMT

Full_Name: Wojtek Sczygiol
Version: 2.2.6
OS: Linux/2.6.3
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (212.202.29.58)


I have my posixAccount info stored on my ldap server (master.xyz) and use
syncrepl on my laptop (slave1.xyz) with "provider=ldaps://master.xyz", which BTW
works great.
On both hosts, pam_ldap & nss_ldap are configured to connect to 127.0.0.1 so I
can always login even when disconnected from master.xyz.

When I try to modify data on the slave I get a referral to "ldaps://master.xyz"
- as expected. 
However, when I use ldappasswd to change a password on the slave, the extended
modify operation succeedes and the password is actually changed in the slave
dit. Some effect with passwd(1) using ldap backend: The password change
succeedes, the following (regular) modify operation on shadowLastChange fails
and gets the referral.

One should expect that _all_ operations that would alter the synchronized dit
fragment in any way should fail on the slave and _always_ return a referral.
(Maybe slapd should even log a warning when encountering ACLs that allow write
access to synchronized dit fragments on the slave.)

Prev by Date: Using libtool -release versus -version-info breaks packages (ITS#3035)
Next by Date: Re: Using libtool -release versus -version-info breaks packages (ITS#3035)
Index(es):
- Chronological
- Thread