
Re: AW: Replication between different Versions of server


I have the same problem here (openldap 2.0.8).

When I try to modify the slave, I get a referral back, and when the client
then automatically tries to do the modification on the master, it binds
anonymously (BIND dn="" method=128).

Is there anything I can do to make it work? (i.e., bind as the same user to
the master as I used to bind to the slave)

It would be even nicer if I could make the slave server do the referral to
the master.

Thanks in advance,

Leon de Rooy
CyberComm / GlobalXS Internet

----- Original Message -----
From: "Paul Jakma" <paul@clubi.ie>
To: "Pierangelo Masarati" <masarati@aero.polimi.it>
Cc: "Tiefnig Daniel" <daniel.tiefnig@infonova.at>; "OpenLDAP Software"
Sent: Tuesday, May 15, 2001 2:39 AM
Subject: Re: AW: Replication between different Versions of server

> On Mon, 14 May 2001, Pierangelo Masarati wrote:
> > modification. The only missing functionality would be the referral
> > on write attempt.
> how do you get the referral on write to work? it will not work for
> me -> clients that try to write to the slave are referred to the
> master alright, but they always get "insufficient access". same
> client on same entry, same acl being applied but talking to the
> master LDAP server (hence with correct bind dn) can modify the entry.
> eg: (fogarty is slave that client is trying to modify an entry it
> owns and can modify on the master)
> May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
> May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 RESULT tag=103 err=10
> May 15 01:29:57 hibernia slapd[15379]: daemon: conn=6 fd=16 connection from IP= (IP=:: 389) accepted.
> May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 BIND dn="" method=128
> ^^^^^^
> May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 RESULT tag=97 err=0
> the master always seems to get empty bind DNs, which of course means
> client can not modify it.
> i have same ACLs on both master and slave, including:
> access to dn=".*,ou=People,dc=jakma,dc=org"
>         by self write
>         by dn=".*ou=hosts,dc=jakma,dc=org" read
>         by anonymous auth
>         by * none
> on the slave, referral is:
> updateref ldap://hibernia.jakma.org/
> (i have also tried "ldap://hibernia.jakma.org",
> ldap://hibernia.jakma.org, ldap://hibernia.jakma.org/dc=jakma,dc=org
> and ldap://hibernia.jakma.org/dc=jakma,dc=org?dn. makes no
> difference)
> Clients i've tried with are all the openldap tools, gq and
> directory_administrator which all use libldap.so.2 from the RH
> openldap-2.0.7-14 RPM.
> is this a misconfiguration problem, or is it a bug in openldap? any
> clues people could give would be greatly appreciated.
> > Pierangelo.
> thanks in advance.
> regards,
> --
> Paul Jakma paul@clubi.ie paul@jakma.org
> PGP5 key: http://www.clubi.ie/jakma/publickey.txt
> -------------------------------------------
> Fortune:
> Never worry about theory as long as the machinery does what it's supposed
> to do.
> -- R. A. Heinlein
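
The symptom shown in the quoted log excerpt (a MOD on the slave answered with err=10, the LDAP referral result code, followed by a simple bind with an empty DN on the master) can be checked for mechanically. The following is an added example, not part of either message: the sample log is constructed from the excerpt above, and its last two lines, the 5-second window and the default year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the first five lines follow the excerpt quoted above;
# the last two (an authenticated bind) are added here for contrast.
SAMPLE_LOG = """\
May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 RESULT tag=103 err=10
May 15 01:29:57 hibernia slapd[15379]: daemon: conn=6 fd=16 connection from IP= (IP=:: 389) accepted.
May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 BIND dn="" method=128
May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 RESULT tag=97 err=0
May 15 01:31:02 hibernia slapd[15379]: conn=7 op=0 BIND dn="uid=paul,ou=People,dc=jakma,dc=org" method=128
May 15 01:31:02 hibernia slapd[15379]: conn=7 op=0 RESULT tag=97 err=0
"""

LINE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) (\S+) slapd\[\d+\]: conn=(\d+) op=(\d+) (.*)$')

def parse(text, year=2001):
    """Yield (time, host, conn, op, rest); syslog omits the year, so it is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # lines without "conn=N op=N" (e.g. "daemon:" lines) are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), int(m.group(3)), int(m.group(4)), m.group(5)

def anonymous_rebinds(text, window=timedelta(seconds=5)):
    """Pair each write referral (MOD answered with err=10) with an anonymous
    simple bind (dn="" method=128) seen on another host within `window`."""
    mods = {}        # (host, conn, op) -> DN the MOD targeted
    referrals = []   # (time, host, dn) for MODs that were referred
    findings = []
    for ts, host, conn, op, rest in parse(text):
        if rest.startswith("MOD dn="):
            mods[(host, conn, op)] = rest[len("MOD dn="):].strip('"')
        elif re.match(r"RESULT tag=103 err=10\b", rest) and (host, conn, op) in mods:
            referrals.append((ts, host, mods[(host, conn, op)]))
        elif rest.startswith('BIND dn="" method=128'):
            for rts, rhost, dn in referrals:
                if rhost != host and timedelta(0) <= ts - rts <= window:
                    findings.append({"referred_by": rhost, "bound_to": host,
                                     "conn": conn, "target": dn})
    return findings

if __name__ == "__main__":
    for hit in anonymous_rebinds(SAMPLE_LOG):
        print(hit)
```

The correlation is by time only, so on a busy master an unrelated anonymous bind inside the window will also be reported.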