[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: write only referrals - possible?

Buchan Milne wrote:

>> Sounds very easy, but I would like to allow users to change their passwords, without having them to drive to where the central server is :)
> Do you have connectivity between the offices?

Yes, in general there is 99,9% connectivity between offices.
It would be good if the whole thing didn't crash in case of this 0,1% connectivity problem.

> It is acceptable to have: > -account creation > -password changes > be unavailable in the case of connectivity problems?

Do you mean if it's acceptable that passwords won't change and accounts won't be added if we can't connect to the master?

>> The whole process should look like below - taken from chapter 13.1 of Admin's Guide:
>> 1. The LDAP client submits an LDAP modify operation to the slave slapd.
>> 2. The slave slapd returns a referral to the LDAP client referring the client to the master slapd.
>> 3. The LDAP client submits the LDAP modify operation to the master slapd.
> Yes, samba chases referrals.


>> 4. The master slapd performs the modify operation, writes out the change to its replication log file and returns a success code to the client.
> Yes, slapd writes the replication log, and slurpd replicates it to slaves.

OK, at least that step I already practiced :)

>> Does it mean that it is possible to construct a "write only" referral? >> > That's what the updateref parameter is for ...

All right... I begin to catch.... Slowly...
So from what you say, my environment should already be working the way I want :)
So if I have in slave's slapd.conf:

updatedn cn=replica,dc=example,dc=com
updateref ldap://

this means that any update attemts will be "forwarded" to that address?

Right now I'm not able to change anything in a slave (configuration is the same as in the master) - I'm able to change in the master and it's replicated to the slave a while later.
[replica uri/replogfile in master; updatedn/updateref in slave are the only differences].
Is it possible that I can't make updates in slaves (using GQ or phpLDAPadmin) because I miss some "updatepassword = secret" or something like that?
Or is it more fundamental?

> Samba chases referalls automatically, so I don't see the problem. Samba also has a configureable "ldap replication sleep", so you can make samba wait for replication of account additions it may require before doing any other changes.

So it's Samba configuration rather than OpenLDAP, right? Or Samba configuration should stay as it is now?
Do you have any examples / links / what to search for? Would it be "samba ldap referrals"?


PS. and yes, your openldap2.2 wasn't badly packaged, it just had minor issues :)