
some questions.
hi.

i have some minor questions/problems.  over all i'm very happy with
openldap, thanks for all the hardwork everyone.

- i have replication working great between my master and slave.  i am
  however having a problem with referrals back, i do have updateref
  specified in the slave's slapd.conf and i can see the referral hit the
  logs of master, however... when i run this command:

  ldapmodify -h master -x -D "uid=adam,dc=blah,dc=com" -W -f /tmp/testmod

  it works perfectly.  when i run it against the slave without the -C i
  get a referral notification.  when i run it with the -C i get
  "ldap_modify: Insufficient access".  so it works directly against the
  master so it's not a commandline syntax error.

  what i figured out is when i put the servers into debug mode i see the
  acls approve permissions for the write on the slave (as it should, the
  acls are identical between the master and the slave), and then as the
  referral is chased to the master i see an anonymous bind and access
  denied (as it should be to an anonymous request).

  are all referrals followed anonymously?  this doesn't seem very useful.
  if not then what haven't i done in order to make this work correctly?

- i use the cn=manager,dc=blah,dc=org as the updatedn for replication to
  my slave servers.  are there any issues with using the rootdn for
  replication?  it's easy enough to set up another user to act as the
  updatedn but i'm not sure i see the point since it also requires full
  access.

- i get a lot of these in my logs.

  Feb 13 16:32:20 protos slapd[7469]: [ID 307533 local4.info] ldbm: ==> set_cachesize: method meaningless in shared environment

  is it important, and what can i do to fix it if it's a problem?

- i have openldap compiled with tls support.  my understanding is that
  with start tls enabled you don't use port 636, instead the client
  negotiates the use of ssl over the normal port.  if i specify an ldaps
  url will that work with start tls or do i have to be listening on port
  636?

- if i want to extend my schema to include custom attributes what do i put
  in for the oid?  can i leave it blank?  if not what's an acceptable
  place holder?

thanks,
adam.