[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Syncrepl and chain Overlay

To: openldap-software@OpenLDAP.org
Subject: Re: Syncrepl and chain Overlay
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Thu, 09 Dec 2004 14:53:46 -0800
Cc: Ralf Haferkamp <rhafer@suse.de>
Content-disposition: inline
In-reply-to: <63173.81.72.89.40.1102622607.squirrel@81.72.89.40>
References: <200412092029.02810.rhafer@suse.de> <63173.81.72.89.40.1102622607.squirrel@81.72.89.40>

--On Thursday, December 09, 2004 9:03 PM +0100 Pierangelo Masarati <ando@sys-net.it> wrote:

Hi,

I'm having some trouble to get the chain overlay to work on a syncrepl
consumer with current HEAD code. My config basically looks like this:

-------------------------------------------
database bdb
suffix "dc=example,dc=com"
rootdn "cn=admin,dc=example,dc=com"
rootpw "secret"
overlay chain
chain-uri ldap://<master-server>
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
syncrepl rid=333
        provider="ldap://<master-server>"
        type=refreshOnly
        interval=00:00:01:00
        searchbase="dc=example,dc=com"
        updatedn="cn=syncrepl,dc=example,dc=com"
        bindmethod=simple
        binddn="cn=administrator,dc=example,dc=com"
        credentials="secret"
updateref ldap://<master-server>
index objectClass,uidNumber,gidNumber eq
--------------------------------------------

When issueing a modify operation on the consumer I just get the referral
back
as if the chain overlay wasn't there. It doesn't even try to contact the
master server.
I compiled everything (chain-overlay and back-ldap) statically into slapd
and
in the logs I see, that the chain-overlay is initialized and configured.

Any idea what's going wrong here? Is the above configuration screwed?


didn't go into details reading your config, so there might be something
more; one thing I see is tht your configurtion is missing the
"chain-acl-authcDN", "chain-acl-passwd" directives that tell the
underlying back-ldap what identity to rebind as when following the
referral.

I suspect this is required in order to allow auth'd referral chasing when
performing writes.

I'd note that syncrepl out of HEAD is under a bit of change right now as the new overlay rewrite is flushed out, so there may be a number of reasons why particular things don't work.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Syncrepl and chain Overlay
  - From: Ralf Haferkamp <rhafer@suse.de>
- Re: Syncrepl and chain Overlay
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: how to instrument purify for openldap
Next by Date: how-to get ldif2dbm ?
Index(es):
- Chronological
- Thread