Re: replicate to a DX-View(X500DAP, X500DSP) Server

> Hello,
> we have in our company an application which relies centrally on an
> X500DAP,X500DSP Server. This Server can be queried via the
> LDAP-Protocol, but I don't know if it supports also ldapadd, ldapmodify
> and so on...
> Every decentral location should have also a Directory with the same
> content. But every location should administer and modify its content by
> its own. (its branch in the tree). Since I'm using here Openldap and
> don't want to give it away I'm looking for a way to replicate my
> content to this server.
> So I installed an ldapmaster which replicates via slurpd to an
> ldapproxy, which should give it to a third ldap-server. As I modified an
> attribute on the ldapmaster I get the following message from my
> ldapproxy:
> RESULT tag=103 err=19 text=entryCSN: no user modification allowed
> Feb 27 15:19:36 lxlki108 ldapproxy[20161]: conn=0 op=2 MOD dn="cn=by
> augsburg pi 8,ou=BY,o=POL,c=DE"
> What am I doing wrong ? Are there other possibilities ? The second step
> is to get LDAP-Requests from the central server ( for other branches) to
> my LDAP-Proxy which should give it to my ldapproxy which should pass
> that values, operations to my ldapmaster.

You're replicating thru a back-ldap, I assume (a thing I never tried),
and apparently the proxy is not allowing operational attribute

You can either add an updatedn to the proxy, to make it believe
it's a replica, but then only the updatedn would be allowed to
perform write operations; or you may strip operational attributes
from replication, by using

replica host=host # more replication options ...

(I think I'll add an alias for operational ...)


Pierangelo Masarati