[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: AW: Replication between different Versions of server

To: Pierangelo Masarati <masarati@aero.polimi.it>
Subject: Re: AW: Replication between different Versions of server
From: Paul Jakma <paul@clubi.ie>
Date: Tue, 15 May 2001 01:39:29 +0100 (IST)
Cc: Tiefnig Daniel <daniel.tiefnig@infonova.at>, OpenLDAP Software <openldap-software@OpenLDAP.org>
In-reply-to: <3AFF954F.5D0F7F39@aero.polimi.it>

On Mon, 14 May 2001, Pierangelo Masarati wrote:

> modification. The only missing functionality would be the referral return
> on write attempt.

how do you get the refferal on write to work? it will not work for
me -> clients that try to write to the slave are reffered to the
master alright, but they always get "insufficient access". same
client on same entry, same acl being applied but talking to the
master LDAP server (hence with correct bind dn) can modify the entry.

eg: (fogarty is slave that client is trying to modify an entry it
owns and can modify on the master)

May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 RESULT tag=103 err=10 text=
May 15 01:29:57 hibernia slapd[15379]: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 BIND dn="" method=128
							^^^^^^
May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 RESULT tag=97 err=0 text=

the master always seems to get empty bind DNs, which of course means
client can not modify it.

i have same ACLs on both master and slave, including:

access to dn=".*,ou=People,dc=jakma,dc=org"
	attr=userpassword,ntpassword,lmpassword,roomNumber,initials,mobile,loginShell,gecos
        by self write
        by dn=".*ou=hosts,dc=jakma,dc=org" read
        by anonymous auth
        by * none

on the slave, referral is:

updateref ldap://hibernia.jakma.org/

(i have also tried "ldap://hibernia.jakma.org";,
ldap://hibernia.jakma.org, ldap://hibernia.jakma.org/dc=jakma,dc=org
and ldap://hibernia.jakma.org/dc=jakma,dc=org?dn. makes no
difference)

Clients i've tried with are all the openldap tools, gq and
directory_administrator which all use libldap.so.2 from the RH
openldap-2.0.7-14 RPM.

is this a misconfiguration problem, or is it a bug in openldap? any
clues people could give would be greatly appreciated.

> Pierangelo.

thanks in advance.

regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
-------------------------------------------
Fortune:
Never worry about theory as long as the machinery does what it's supposed to do.
		-- R. A. Heinlein

Follow-Ups:
- Re: AW: Replication between different Versions of server
  - From: Pierangelo Masarati <pmasarati@bci.it>
- Re: AW: Replication between different Versions of server
  - From: "Leon de Rooy" <ldr@globalxs.nl>

References:
- Re: AW: Replication between different Versions of server
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: Re: openldap and redhat 7.1
Next by Date: Re: LDAP Design Advice
Index(es):
- Chronological
- Thread