Re: AW: Replication between different Versions of server
On Mon, 14 May 2001, Pierangelo Masarati wrote:
> modification. The only missing functionality would be the referral return
> on write attempt.
how do you get the referral on write to work? it will not work for
me -> clients that try to write to the slave are referred to the
master alright, but they always get "insufficient access". same
client on same entry, same acl being applied but talking to the
master LDAP server (hence with correct bind dn) can modify the entry.
eg: (fogarty is slave that client is trying to modify an entry it
owns and can modify on the master)
May 15 01:29:57 fogarty slapd: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
May 15 01:29:57 fogarty slapd: conn=0 op=10 RESULT tag=103 err=10 text=
May 15 01:29:57 hibernia slapd: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
May 15 01:29:57 hibernia slapd: conn=6 op=0 BIND dn="" method=128
May 15 01:29:57 hibernia slapd: conn=6 op=0 RESULT tag=97 err=0 text=
the master always seems to get empty bind DNs, which of course means
client can not modify it.
i have same ACLs on both master and slave, including:
access to dn=".*,ou=People,dc=jakma,dc=org"
        by self write
        by dn=".*ou=hosts,dc=jakma,dc=org" read
        by anonymous auth
        by * none
on the slave, referral is:
(i have also tried "ldap://hibernia.jakma.org",
and ldap://hibernia.jakma.org/dc=jakma,dc=org?dn. makes no
Clients i've tried with are all the openldap tools, gq and
directory_administrator which all use libldap.so.2 from the RH
is this a misconfiguration problem, or is it a bug in openldap? any
clues people could give would be greatly appreciated.
thanks in advance.
Paul Jakma firstname.lastname@example.org email@example.com
PGP5 key: http://www.clubi.ie/jakma/publickey.txt
Never worry about theory as long as the machinery does what it's supposed to do.
-- R. A. Heinlein
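
The symptom in the logs above (a MOD answered with err=10, the LDAP referral result, on the slave, followed by a simple BIND with an empty DN on the master) can be picked out of combined slapd syslog output with a short script. This is an added example, not part of the original message: the function name, the 5-second correlation window and the year 2001 (syslog lines carry none; taken from the message date) are assumptions, and the match is a timing heuristic.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the message above: slave "fogarty", master "hibernia".
SAMPLE = '''\
May 15 01:29:57 fogarty slapd: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
May 15 01:29:57 fogarty slapd: conn=0 op=10 RESULT tag=103 err=10 text=
May 15 01:29:57 hibernia slapd: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
May 15 01:29:57 hibernia slapd: conn=6 op=0 BIND dn="" method=128
May 15 01:29:57 hibernia slapd: conn=6 op=0 RESULT tag=97 err=0 text=
'''

# Only per-operation lines (conn=N op=N VERB ...) match; connection lines are skipped.
LINE = re.compile(
    r'^(\w{3} +\d+ [\d:]{8}) (\S+) slapd: (?:daemon: )?conn=(\d+) op=(\d+) (\w+)(.*)$')

def anonymous_referral_chases(log, year=2001, window=timedelta(seconds=5)):
    """Return (slave, dn, master, conn) for each anonymous bind that follows a referred MOD."""
    pending = {}    # (host, conn, op) -> DN of a MOD still awaiting its RESULT
    referred = []   # (time, host, dn) for MODs answered with err=10 (referral)
    hits = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, conn, op, verb, rest = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        key = (host, conn, op)
        if verb == "MOD":
            dn = re.search(r'dn="([^"]*)"', rest)
            pending[key] = dn.group(1) if dn else ""
        elif verb == "RESULT" and key in pending:
            dn = pending.pop(key)
            if re.search(r'\berr=10\b', rest):
                referred.append((when, host, dn))
        elif verb == "BIND" and 'dn=""' in rest and "method=128" in rest:
            # Simple bind with an empty DN on a different host, shortly after a referral.
            for seen, slave, dn in referred:
                if slave != host and timedelta(0) <= when - seen <= window:
                    hits.append((slave, dn, host, int(conn)))
    return hits

if __name__ == "__main__":
    for slave, dn, master, conn in anonymous_referral_chases(SAMPLE):
        print(f"{slave} referred MOD of {dn!r}; {master} conn={conn} bound anonymously")
```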