[Date Prev][Date Next]
Re: Need advice on setting up referrals for replicas
Hmmm... I just found references in the archives stating that the command
line tools will not rebind on referrals. I guess my original premise is
wrong, you can't use ldappasswd et al to work in circumstances like I
Sorry to waste bandwidth.
From: Alan Sparks <email@example.com>
To: OpenLDAP Software List <openldap-software@OpenLDAP.org>
Date: Friday, September 24, 1999 3:03 PM
Subject: Need advice on setting up referrals for replicas
>Been running OpenLDAP a long while, finally want to tackle replication.
>Software is version 1.2.7 on DB 2.7.5, with GNU Pth thrown in. On HP/UX
>I've set up a slave server, and added updatedn and referral lines to the
>slapd.conf therein. The referral line is like:
>Tried hitting the slave with ldappasswd for a test... I'm getting the
>>> ./ldappasswd -b 'o=Harris/NSS' -D
>"oid=usr00283,ou=Accounts,o=Harris/NSS" -E -W -vvvvv 'uid=asparks'
>Enter LDAP password:
>Re-enter new password:
>ldap_modify: No such object
>The funny thing is, the slave is reporting a referral. And, the
>master is indeed getting hit, as shown in the following log snippet:
>Sep 24 14:55:20 infiniti slapd: conn=65973 fd=5 connection from
>.harris.com (18.104.22.168) accepted.
>Sep 24 14:55:20 infiniti slapd: conn=65973 op=0 BIND dn="" method=128
>Sep 24 14:55:20 infiniti slapd: conn=65973 op=0 RESULT err=0 tag=97
>Sep 24 14:55:20 infiniti slapd: conn=65973 op=1 MOD dn=""
>Sep 24 14:55:20 infiniti slapd: conn=65973 op=1 RESULT err=32 tag=103
>Sep 24 14:55:20 infiniti slapd: conn=65973 op=2 UNBIND
>Sep 24 14:55:20 infiniti slapd: conn=65973 op=2 fd=5 closed errno=0
>Two things wrong:
>1) that's an anonymous bind. How come the client didn't rebind with the
>original credentials after the referral? It'll never work...
>2) the MOD is null, instead of the DN given to the slave server. A little
>playing shows that if I change the slave's referral to something like
>ldap://master.cpd.harris.com/o=Harris/NSS, that the MOD changes to
>Any pointers on what I'm doing wrong? Read the FAQ already, is there
>something else to read?
>Thanks in advance.
>Alan Sparks, Principal Network Analyst <firstname.lastname@example.org>
>Harris Corporation, Camarillo CA (805) 389-2430