replication (sending to slave and have it update master)
- To: takumi kubota <firstname.lastname@example.org>, openLDAP-software@OpenLDAP.org
- Subject: replication (sending to slave and have it update master)
- From: Jan-Michael Ong <email@example.com>
- Date: Wed, 14 Nov 2001 08:40:34 -0800
- In-reply-to: <firstname.lastname@example.org>
- References: <MABBJIPAKNGLJMHEMJHIEEFECAAA.email@example.com>
I think I managed to get the slave to write the updates to the master using
ldapsearch with the -C option, but I'm not totally convinced.
I created an LDIF for modifications,
then I ran ldapmodify:
    /usr/local/bin/ldapmodify -f mod.ldif -D \
        "firstname.lastname@example.org,ou=SomeBranch,o=MyCompany" -w secret -h \
        "myslave.mydomain.com" -p "389" -v -d 256
Then I got "Insufficient Access" (LDAP Error 50),
so I added the following ACL:
    # 220.127.116.11 is the IP address of myslave.mydomain.com
    # cn=Administrators contains the email@example.com; it's a special group of admins
    access to dn="ou=MyTest,o=MyCompany"
        by group="cn=Administrators,ou=SomeBranch,o=Adobe Systems" write
        by peername="ip=18.104.22.168:*" write
And that seems to work, but I have some questions that I'm hoping somebody
would be kind enough to help me with.
a.) Why was I forced to add the IP address to grant the slave write access
on the machine? Why couldn't it have picked up the admin's group
membership from the group?
b.) Also, I noticed that when I send an update to the slave, the master log
says that I bind anonymously:
Nov 14 08:27:38 lookup2 slapd: daemon: conn=0 fd=9 connection from IP=22.214.171.124:33770 (IP=0.0.0.0:0) accepted.
Nov 14 08:27:38 lookup2 slapd: conn=0 op=0 BIND dn="" method=128
Nov 14 08:27:38 lookup2 slapd: conn=0 op=0 RESULT tag=97 err=0 text=
Nov 14 08:27:38 lookup2 slapd: conn=0 op=1 MOD
.... snip ...
Why is this so? Even if I bound as admin from the slave?
I would really appreciate any feedback or just some enlightenment on this.
Thanks in advance
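
Added example (not part of the original message): a check over master-side slapd logs in the format quoted above that reports every write operation issued on a connection whose identity is anonymous (empty bind DN, failed bind, or no bind at all), together with the peer address from the accept line. The sample log lines are constructed and use documentation addresses; the function name anonymous_writes is hypothetical.

```python
import re

# Patterns follow the slapd syslog lines quoted in the message above.
ACCEPT = re.compile(r'conn=(\d+) fd=\d+ connection from IP=([\d.]+):\d+')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')
WRITE = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|MODRDN|DEL)\b')

def anonymous_writes(lines):
    """Return (conn, op, verb, peer_ip) for each write issued on a
    connection whose current identity is anonymous."""
    peer, ident, pending, hits = {}, {}, {}, []
    for line in lines:
        if m := ACCEPT.search(line):
            # A new connection starts out anonymous.
            peer[m.group(1)], ident[m.group(1)] = m.group(2), ""
        elif m := BIND.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)
        elif m := RESULT.search(line):
            conn, op, err = m.groups()
            # A failed bind (err != 0) leaves the connection anonymous.
            ident[conn] = pending.pop((conn, op), "") if err == "0" else ""
        elif m := WRITE.search(line):
            conn, op, verb = m.groups()
            if ident.get(conn, "") == "":  # also covers "never bound"
                hits.append((int(conn), int(op), verb, peer.get(conn)))
    return hits

# Constructed sample log (not taken from the original message).
SAMPLE = """\
Nov 14 08:27:38 master slapd: daemon: conn=0 fd=9 connection from IP=192.0.2.10:33770 (IP=0.0.0.0:0) accepted.
Nov 14 08:27:38 master slapd: conn=0 op=0 BIND dn="" method=128
Nov 14 08:27:38 master slapd: conn=0 op=0 RESULT tag=97 err=0 text=
Nov 14 08:27:38 master slapd: conn=0 op=1 MOD dn="cn=test,ou=MyTest,o=MyCompany"
Nov 14 08:29:02 master slapd: daemon: conn=1 fd=10 connection from IP=192.0.2.20:40112 (IP=0.0.0.0:0) accepted.
Nov 14 08:29:02 master slapd: conn=1 op=0 BIND dn="cn=admin,ou=SomeBranch,o=MyCompany" method=128
Nov 14 08:29:02 master slapd: conn=1 op=0 RESULT tag=97 err=0 text=
Nov 14 08:29:02 master slapd: conn=1 op=1 MOD dn="cn=test,ou=MyTest,o=MyCompany"
Nov 14 08:30:15 master slapd: daemon: conn=2 fd=11 connection from IP=192.0.2.10:33771 (IP=0.0.0.0:0) accepted.
Nov 14 08:30:15 master slapd: conn=2 op=0 BIND dn="cn=admin,ou=SomeBranch,o=MyCompany" method=128
Nov 14 08:30:15 master slapd: conn=2 op=0 RESULT tag=97 err=49 text=
Nov 14 08:30:15 master slapd: conn=2 op=1 DEL dn="cn=test,ou=MyTest,o=MyCompany"
""".splitlines()

if __name__ == "__main__":
    for hit in anonymous_writes(SAMPLE):
        print("anonymous write: conn=%d op=%d %s from %s" % hit)
```

Any hit from an address covered by a peername "write" rule is a change accepted on the strength of the source IP alone, which is the situation the log excerpt in the message shows.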