[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurpd replication, "entryCSN: no user modification allowed"

Today at 1:13pm, Gavin White wrote:

> on the server, my slapd.conf has:
> rootdn          "uid=root,dc=mydomain,dc=com"
> replica         host=ldap://ldap2.mydomain.com:389
>                  binddn="uid=root,dc=domain,dc=com"
>                  bindmethod=simple credentials=mypassword
> On the slave (ldap2), it has:
> rootdn          "uid=root,dc=mydomain,dc=com"
> updatedn        "uid=root,dc=mydomain,dc=com"

rootdn and updatedn really really really need to be different.  We've
had this discussion about 18 months ago (maybe more).  I believe it is
even spelled out in the admin guide.

So, I believe the slave is getting confused and not knowing if you are
trying to do an replication-update or if the rootdn has just connected
to it to do a force update (via ldapmodify say) and is therefore
assuming the rootdn and rejecting the update.  I expect you will solve
your problem if you change the updatedn to be different from the rootdn.

Frank Swasey                    | http://www.uvm.edu/~fcs
Systems Programmer              | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
        === God bless all inhabitants of your planet ===