[Date Prev][Date Next]
Re: write only referrals - possible?
Buchan Milne wrote:
>> Sounds very easy, but I would like to allow users to change their
passwords, without having them to drive to where the central server is :)
> Do you have connectivity between the offices?
Yes, in general there is 99,9% connectivity between offices.
It would be good if the whole thing didn't crash in case of this 0,1%
> It is acceptable to have:
> -account creation
> -password changes
> be unavailable in the case of connectivity problems?
Do you mean if it's acceptable that passwords won't change and accounts
won't be added if we can't connect to the master?
>> The whole process should look like below - taken from chapter 13.1
of Admin's Guide:
>> 1. The LDAP client submits an LDAP modify operation to the slave slapd.
>> 2. The slave slapd returns a referral to the LDAP client referring
the client to the master slapd.
>> 3. The LDAP client submits the LDAP modify operation to the master
> Yes, samba chases referrals.
>> 4. The master slapd performs the modify operation, writes out the
change to its replication log file and returns a success code to the client.
> Yes, slapd writes the replication log, and slurpd replicates it to
OK, at least that step I already practiced :)
>> Does it mean that it is possible to construct a "write only" referral?
> That's what the updateref parameter is for ...
All right... I begin to catch.... Slowly...
So from what you say, my environment should already be working the way I
So if I have in slave's slapd.conf:
this means that any update attemts will be "forwarded" to that address?
Right now I'm not able to change anything in a slave (configuration is
the same as in the master) - I'm able to change in the master and it's
replicated to the slave a while later.
[replica uri/replogfile in master; updatedn/updateref in slave are the
Is it possible that I can't make updates in slaves (using GQ or
phpLDAPadmin) because I miss some "updatepassword = secret" or something
Or is it more fundamental?
> Samba chases referalls automatically, so I don't see the problem.
Samba also has a configureable "ldap replication sleep", so you can make
samba wait for replication of account additions it may require before
doing any other changes.
So it's Samba configuration rather than OpenLDAP, right? Or Samba
configuration should stay as it is now?
Do you have any examples / links / what to search for? Would it be
"samba ldap referrals"?
PS. and yes, your openldap2.2 wasn't badly packaged, it just had minor