
Re: ITS#6475

<masarati@aero.polimi.it> wrote:

> Please test.  p.

It works, but needs an adjustment to the master ACL. My basic
configuration yields this at OTP bind on the replica:
ldap_sasl_interactive_bind_s: Bad parameter to an ldap routine (-9)

replica slapd logs:

conn=1001 op=0 RESULT tag=103 err=50 text=
SASL [conn=1001] Failure: Error putting OTP secret
send_ldap_result: conn=1001 op=0 p=3
send_ldap_result: err=80 matched="" text="SASL(-1): generic failure:
Error putting OTP secret"

This has been fixed on the master, by adding this at the beginning of
the ACL:

access to * attrs=cmusaslsecretOTP
    by dn.regex="cn=replica,o=test" write stop
    by * break

Another point: bind on the replica is impossible when the master is
down. I understand this is to prevent replaying the same OTP on multiple
replicas, but that defeats the purpose of setting up replicas for fail
over. What about making the behavior configurable?

Emmanuel Dreyfus