Re: OpenLDAP Replication - Trust or not to Trust?

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Subject: Re: OpenLDAP Replication - Trust or not to Trust?

From: Alex Franko <frankoalex@yahoo.com>

Date: Sat, 23 Oct 2004 13:54:19 -0700 (PDT)

In-reply-to: <6.1.2.0.0.20041023130424.02d90a18@127.0.0.1>

I have 3 questions on Kurt's response:

A) Does it mean that the following scenario from chapter 13 of OpenLDAP
Administration Guide is wrong (see below):
Sample replication scenario:
1.. The LDAP client submits an LDAP modify operation to the slave slapd.
2.. The slave slapd returns a referral to the LDAP client referring the
client to the master slapd.
3.. The LDAP client submits the LDAP modify operation to the master slapd.
4.. The master slapd performs the modify operation, writes out the change
to its replication log file and returns a success code to the client.
5.. The slurpd process notices that a new entry has been appended to the
replication log file, reads the replication log entry, and sends the change
to the slave slapd via LDAP.
6.. The slave slapd performs the modify operation and returns a success
code to the slurpd process.

B) I think that not ldapmodify , but the Client should chase referrals. So
if Client doesn't do that it means that other operations such -
- ldapdelete, ldapmordn will not work also?

C) So if it is not a bug should be documentation updated correspondingly?
Isn't it possible to re-develop the Clent to chase referrals for updating utilities

such as ldapmodify, etc - with consideration of security issues?

Alex.

"Kurt D. Zeilenga" <Kurt@OpenLDAP.org> wrote:

At 12:43 PM 10/23/2004, Alex Franko wrote:
>May be I misunderstood the documentation and my expectation that Client should automatically redirect request to the Master is wrong?

ldapmodify(1) doesn't automatically chase referrals
(for security reasons).

Kurt

Yahoo! Mail Address AutoComplete