
Re: enough of replication problem.




On Tue, 12 Aug 2003, jawed abbasi wrote:

> hello
>
> I have read enough and tried enough to make it work, but it doesn't work all the time.
> My setup is here; I will appreciate a word of wisdom.
> I have 2 machines Machine A (Master LDAP) , Machine B (Slave LDAP).
>
> Master LDAP :
> replica host=pcNavYkfSupp1.ykf.navtechinc.com:389
>         binddn="uid=replica,ou=ykfPeople,dc=navtechinc,dc=com"
>         bindmethod=simple credentials=replica
>
> Slave LDAP:
> updatedn uid=replica,ou=ykfPeople,dc=navtechinc,dc=com"
> updateref "ldap://pcNavYkfSupp2.navtechinc.com";
>
> both Machines have same ldap version openldap-2.0.27-2.7.3
>
> The issue is: when my ldaptools, i.e. ldap.conf and smbldap-*.pl, point to Master, and I change the user attribute gecos using smbldap-usermodify.pl, it gets replicated to Slave.
> But if I change the password for a user, it doesn't get replicated; I get a rej log, which says insufficient access.
> But when I point all ldap tools to Machine B (Slave LDAP), no replication occurs, nothing; everything gets changed on Machine B but Machine A retains the old values.
> Here is my slapd.access on Slave

If you make the change directly to the slave, you shouldn't get any
replication.

When you are making the change to the master server, you are using the
cn=Master,dc=navtechinc,dc=com user, correct?


> #This is ACL (Access Control List) for Slapd
> access to dn=".*,dc=navtechinc,dc=com" attr=userPassword,ntPassword,lmPassword,smbHome,gecos
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by dn="uid=replica,ou=ykfPeople,dc=navtechinc,dc=com" write
>         by self write
>         by * auth
> access to dn=".*,dc=navtechinc,dc=com" attr=mail
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by self write
>         by * read
>
> access to dn=".*,ou=ykf,dc=navtechinc,dc=com"
>         by * read
> access to dn=".*,dc=navtechinc,dc=com"
>         by self write
>         by * read
> Master SLAPD Access
>
> #This is ACL (Access Control List) for Slapd
> access to dn=".*,dc=navtechinc,dc=com" attr=userPassword,ntPassword,lmPassword
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by self write
>         by * auth
> access to dn=".*,dc=navtechinc,dc=com" attr=mail
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by self write
>         by * read
> access to dn=".*,ou=ykf,dc=navtechinc,dc=com"
>         by * read
> access to dn=".*,dc=navtechinc,dc=com"
>         by self write
>         by * read
>
> So I am not sure what's going on, whether it is a problem with the ACLs or the bind stuff is wrong.
>
>
>
>
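A first-match evaluation of the slave ACL quoted above, as an added example that is not part of the original thread: it reports the access level the updatedn receives for a given attribute, which is worth checking for every attribute a replicated change touches. The entry DN `uid=jdoe,...` and the `description` attribute are constructed samples, and the parser is a simplification that handles only the clause forms appearing in the posted ACL.

```python
import re

# Slave ACL exactly as posted in the thread.
SLAVE_ACL = '''
access to dn=".*,dc=navtechinc,dc=com" attr=userPassword,ntPassword,lmPassword,smbHome,gecos
        by dn="cn=Manager,dc=navtechinc,dc=com" write
        by dn="uid=replica,ou=ykfPeople,dc=navtechinc,dc=com" write
        by self write
        by * auth
access to dn=".*,dc=navtechinc,dc=com" attr=mail
        by dn="cn=Manager,dc=navtechinc,dc=com" write
        by self write
        by * read
access to dn=".*,ou=ykf,dc=navtechinc,dc=com"
        by * read
access to dn=".*,dc=navtechinc,dc=com"
        by self write
        by * read
'''

REPLICA = "uid=replica,ou=ykfPeople,dc=navtechinc,dc=com"  # updatedn from the thread
ENTRY = "uid=jdoe,ou=ykfPeople,dc=navtechinc,dc=com"       # constructed sample entry

def parse_acl(text):
    """Return [(dn_regex, attrs_or_None, [(who, level), ...]), ...]."""
    clauses = []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'access to dn="([^"]*)"(?:\s+attr=(\S+))?$', line)
        if m:
            attrs = {a.lower() for a in m.group(2).split(",")} if m.group(2) else None
            clauses.append((m.group(1), attrs, []))
        elif line.startswith("by ") and clauses:
            who, level = line[3:].rsplit(None, 1)
            clauses[-1][2].append((who, level))
    return clauses

def granted(clauses, bind_dn, entry_dn, attr):
    """First matching 'access to' clause wins, then its first matching 'by'."""
    for dn_re, attrs, bys in clauses:
        if not re.search(dn_re, entry_dn, re.I) or (attrs and attr.lower() not in attrs):
            continue
        for who, level in bys:
            m = re.fullmatch(r'dn="([^"]*)"', who)
            if (who == "*" or (who == "self" and bind_dn.lower() == entry_dn.lower())
                    or (m and re.search(m.group(1), bind_dn, re.I))):
                return level
        return "none"  # clause matched the target but no 'by' matched the requester
    return "none"
```

Calling `granted(parse_acl(SLAVE_ACL), REPLICA, ENTRY, attr)` for each attribute in a rejected change shows which ones the replica DN can only read under this ACL.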