
Re: Need advice on setting up referrals for replicas



Hmmm... I just found references in the archives stating that the command
line tools will not rebind on referrals.  I guess my original premise is
wrong, you can't use ldappasswd et al to work in circumstances like I
envisioned.

Sorry to waste bandwidth.
-Alan

-----Original Message-----
From: Alan Sparks <asparks@cpd.harris.com>
To: OpenLDAP Software List <openldap-software@OpenLDAP.org>
Date: Friday, September 24, 1999 3:03 PM
Subject: Need advice on setting up referrals for replicas


>Been running OpenLDAP a long while, finally want to tackle replication.
>Software is version 1.2.7 on DB 2.7.5, with GNU Pth thrown in.  On HP/UX
>10.20.
>
>I've set up a slave server, and added updatedn and referral lines to the
>slapd.conf therein.  The referral line is like:
>referral    ldap://master.mydomain.com/
>
>Tried hitting the slave with ldappasswd for a test... I'm getting the
>following output:
>>> ./ldappasswd -b 'o=Harris/NSS' -D
>"oid=usr00283,ou=Accounts,o=Harris/NSS" -E -W -vvvvv 'uid=asparks'
>Enter LDAP password:
>New password:
>Re-enter new password:
>oid=usr00283,ou=User Accounts,o=Harris/NSS:{crypt}blah
>ldap_modify: No such object
>
>The funny thing is, the slave is reporting a referral.  And, the referred-to
>master is indeed getting hit, as shown in the following log snippet:
>
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 fd=5 connection from mercury.cpd.harris.com (137.237.216.5) accepted.
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=0 BIND dn="" method=128
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=0 RESULT err=0 tag=97 nentries=0
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=1 MOD dn=""
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=1 RESULT err=32 tag=103 nentries=0
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=2 UNBIND
>Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=2 fd=5 closed errno=0
>
>Two things wrong:
>1) that's an anonymous bind.  How come the client didn't rebind with the
>original credentials after the referral?  It'll never work...
>2) the MOD is null, instead of the DN given to the slave server.  A little
>playing shows that if I change the slave's referral to something like
>ldap://master.cpd.harris.com/o=Harris/NSS, that the MOD changes to
>o=Harris/NSS.
>
>Any pointers on what I'm doing wrong?  Read the FAQ already, is there
>something else to read?
>
>Thanks in advance.
>-Alan
>=============
>Alan Sparks, Principal Network Analyst       <asparks@cpd.harris.com>
>Harris Corporation, Camarillo CA                   (805) 389-2430
>
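
Added example, not part of the original message or of OpenLDAP: a small Python check that scans slapd syslog lines in the format quoted above and reports write operations attempted on connections whose last BIND used an empty DN, which is the signature of a client that chased a referral without rebinding. The function name is hypothetical, conn=65974 is constructed sample data, and treating ADD/DEL/MODRDN as logged in the same shape as MOD is an assumption.

```python
import re

# conn=65973 follows the log excerpt in the post (wrapped lines rejoined);
# conn=65974 is constructed here as an authenticated contrast case.
SAMPLE_LOG = """\
Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=0 BIND dn="" method=128
Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=0 RESULT err=0 tag=97 nentries=0
Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=1 MOD dn=""
Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=1 RESULT err=32 tag=103 nentries=0
Sep 24 14:55:20 infiniti slapd[701]: conn=65973 op=2 UNBIND
Sep 24 14:56:02 infiniti slapd[701]: conn=65974 op=0 BIND dn="CN=ADMIN,O=EXAMPLE" method=128
Sep 24 14:56:02 infiniti slapd[701]: conn=65974 op=0 RESULT err=0 tag=97 nentries=0
Sep 24 14:56:02 infiniti slapd[701]: conn=65974 op=1 MOD dn="UID=JDOE,O=EXAMPLE"
Sep 24 14:56:02 infiniti slapd[701]: conn=65974 op=1 RESULT err=0 tag=103 nentries=0
"""

# Assumption: ADD/DEL/MODRDN are logged in the same 'VERB dn="..."' shape as MOD.
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (BIND|MOD|ADD|DEL|MODRDN) dn="([^"]*)"')
RES_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT err=(\d+)')
WRITE_OPS = {"MOD", "ADD", "DEL", "MODRDN"}


def find_anonymous_writes(log_text):
    """Return one finding per write op attempted on an anonymously bound connection."""
    bind_dn = {}    # conn -> DN from the most recent BIND on that connection
    pending = {}    # (conn, op) -> finding still waiting for its RESULT line
    findings = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if m:
            conn, op, verb, dn = m.groups()
            if verb == "BIND":
                bind_dn[conn] = dn
            elif verb in WRITE_OPS and bind_dn.get(conn, "") == "":
                # A connection with no BIND seen is treated as anonymous too.
                finding = {"conn": int(conn), "op": verb, "target_dn": dn, "err": None}
                pending[(conn, op)] = finding
                findings.append(finding)
            continue
        m = RES_RE.search(line)
        if m and (m.group(1), m.group(2)) in pending:
            # Attach the LDAP result code (32 = noSuchObject) to the finding.
            pending.pop((m.group(1), m.group(2)))["err"] = int(m.group(3))
    return findings


if __name__ == "__main__":
    for finding in find_anonymous_writes(SAMPLE_LOG):
        print(finding)
```

An empty `target_dn` in a finding corresponds to the second symptom in the post, where the referral URL carried no DN and the MOD reached the master with `dn=""`.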