Re: AW: Replication between different Versions of server
I have the same problem here (openldap 2.0.8).
When I try to modify the slave, I get a referral back, and when the client
then automatically tries to do the modification on the master, it binds
anonymously (BIND dn="" method=128).
Is there anything I can do to make it work? (i.e., bind as the same user to
the master as I used to bind to the slave)
It would be even nicer if I could make the slave server do the referral to
Thanks in advance,
Leon de Rooy
CyberComm / GlobalXS Internet
----- Original Message -----
From: "Paul Jakma" <email@example.com>
To: "Pierangelo Masarati" <firstname.lastname@example.org>
Cc: "Tiefnig Daniel" <email@example.com>; "OpenLDAP Software"
Sent: Tuesday, May 15, 2001 2:39 AM
Subject: Re: AW: Replication between different Versions of server
> On Mon, 14 May 2001, Pierangelo Masarati wrote:
> > modification. The only missing functionality would be the referral
> > on write attempt.
> how do you get the referral on write to work? it will not work for
> me -> clients that try to write to the slave are referred to the
> master alright, but they always get "insufficient access". same
> client on same entry, same acl being applied but talking to the
> master LDAP server (hence with correct bind dn) can modify the entry.
> eg: (fogarty is slave that client is trying to modify an entry it
> owns and can modify on the master)
> May 15 01:29:57 fogarty slapd: conn=0 op=10 MOD
> May 15 01:29:57 fogarty slapd: conn=0 op=10 RESULT tag=103 err=10
> May 15 01:29:57 hibernia slapd: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
> May 15 01:29:57 hibernia slapd: conn=6 op=0 BIND dn="" method=128
> May 15 01:29:57 hibernia slapd: conn=6 op=0 RESULT tag=97 err=0
> the master always seems to get empty bind DNs, which of course means
> client can not modify it.
> i have same ACLs on both master and slave, including:
> access to dn=".*,ou=People,dc=jakma,dc=org"
> by self write
> by dn=".*ou=hosts,dc=jakma,dc=org" read
> by anonymous auth
> by * none
> on the slave, referral is:
> updateref ldap://hibernia.jakma.org/
> (i have also tried "ldap://hibernia.jakma.org",
> ldap://hibernia.jakma.org, ldap://hibernia.jakma.org/dc=jakma,dc=org
> and ldap://hibernia.jakma.org/dc=jakma,dc=org?dn. makes no
> Clients i've tried with are all the openldap tools, gq and
> directory_administrator which all use libldap.so.2 from the RH
> openldap-2.0.7-14 RPM.
> is this a misconfiguration problem, or is it a bug in openldap? any
> clues people could give would be greatly appreciated.
> > Pierangelo.
> thanks in advance.
> Paul Jakma firstname.lastname@example.org email@example.com
> PGP5 key: http://www.clubi.ie/jakma/publickey.txt
> Never worry about theory as long as the machinery does what it's supposed
> -- R. A. Heinlein
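
The log pattern quoted above (a RESULT err=10 referral on the slave followed by an empty-DN simple bind on the master) can be searched for in combined slapd syslog output. The script below is an added example, not part of the original thread or of OpenLDAP; the function name, the 5-second window, the year default and the sample lines are assumptions, and the match is a time-based heuristic because the quoted slave lines carry no client address.

```python
import re
from datetime import datetime, timedelta

# Constructed sample modelled on the slapd syslog lines quoted in the thread;
# the last two lines are invented to show cases that must not be flagged.
SAMPLE = """\
May 15 01:29:57 fogarty slapd: conn=0 op=10 MOD
May 15 01:29:57 fogarty slapd: conn=0 op=10 RESULT tag=103 err=10
May 15 01:29:57 hibernia slapd: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
May 15 01:29:57 hibernia slapd: conn=6 op=0 BIND dn="" method=128
May 15 01:29:57 hibernia slapd: conn=6 op=0 RESULT tag=97 err=0
May 15 01:30:05 hibernia slapd: conn=8 op=0 BIND dn="uid=example,ou=People,dc=jakma,dc=org" method=128
May 15 01:45:10 hibernia slapd: conn=9 op=0 BIND dn="" method=128
"""

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) (\S+) slapd(?:\[\d+\])?: (?:daemon: )?conn=\d+ (.*)$')
REFERRAL = re.compile(r'op=\d+ RESULT tag=\d+ err=10\b')    # LDAP result code 10 = referral
ANON_BIND = re.compile(r'op=\d+ BIND dn="" method=128')     # method 128 = simple bind, empty DN

def find_anonymous_referral_chases(log_text, window_seconds=5, year=2001):
    """Return (referring_host, bind_host, timestamp) for every empty-DN simple
    bind seen on a different host within window_seconds after a referral
    result. syslog lines carry no year, so one is supplied (assumption)."""
    referrals, hits = [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, rest = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if REFERRAL.match(rest):
            referrals.append((when, host))
        elif ANON_BIND.match(rest):
            for ref_when, ref_host in referrals:
                gap = when - ref_when
                if ref_host != host and timedelta(0) <= gap <= timedelta(seconds=window_seconds):
                    hits.append((ref_host, host, stamp))
                    break
    return hits

if __name__ == "__main__":
    for hit in find_anonymous_referral_chases(SAMPLE):
        print("referral from %s chased anonymously on %s at %s" % hit)
```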