RE: referrals

On Fri, 16 Jan 2004, Howard Chu wrote:

> > -----Original Message-----
> > From: owner-openldap-software@OpenLDAP.org
> > [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Igor Brezac
> > Is it possible for a slave(replica) slapd server to chase referrals?
> > This was not possible in 2.1, but I was wondering if this can be done in
> > 2.2.  I would like for an ldap client to be able to send modify/add
> > queries to slave slapd servers which in turn update the master.
> Yes, if you build slapd with back-ldap you can configure a chaining overlay
> that will chase referrals.
> 	database bdb
> 	suffix o=foo
> 	<back-bdb config directives>
> 	updateref ldap://master
> 	overlay chain
> 	back-ldap config directives:
> 	uri ldap://master
> 	binddn ...
> 	bindpw ...
> Note that since back-ldap only knows how to deal with a single target URI,
> (unlike back-meta, which handles multiple targets) this will only work if all
> your referrals point to the same server. At some point we'll overhaul
> back-ldap and add multiple target functionality to it...
> There is no documentation for this feature yet, the code is probably not in
> its final form.  At present, the way it works is by opening a session to the
> remote server, binding with the binddn/bindpw, and executing the operation
> with a proxyAuthz control set to the original user's DN. No DN mapping is
> performed on the user's DN - in this context, the master and slave server are
> supposed to have identical DITs so mapping should not be needed. Obviously
> the binddn must have proxy privileges on the master server.


I set up overlay chain as described above, but it does not work for me.
Both slave and master DIT are the same.  The master ldap server is not
receiving any connection attempts from the slave.  ldapmodify on the slave
returns a referral url.  It appears that the overlay is not used.

$ ldapmodify -H ldap:/// -f ./i
SASL/DIGEST-MD5 authentication started
Please enter your password:
SASL username: igor
SASL installing layers
modifying entry "associatedDomain=ipass.net+cn=igor,ou=People,o=pb"
ldap_modify: Referral (10)
        referrals: ldaps://jupiter.ipass.net/associatedDomain=ipass.net+cn=igor,ou=People,o=pb

Any ideas?  (I use 2.2.11 and back-ldap is compiled in)