[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: replication security (i)

On Thursday 10 November 2005 17:48, John Halfpenny wrote:
> hi quanah.
> i've been using the oreilly book on ldap admin for a bit of guidance on
> this, but from what i can make out any changes i make to the slave stay
> there and aren't redirected to the master... (with readonly turned off that
> is)

If you have an 'updateref' directive for the database on the slave, a 
non-replicadn client should get a referral to the value following the 
directive. Usually, this should point to your master.

Whether the client will chase the referral or not is up to the client.

But, your slave should not be accepting any changes not made by the replicadn.

If you are using the rootdn for the replicadn, and making changes to the slave 
from the rootdn, it will accept them.

The replicadn should not be used for *anything* but replication, which is why 
you should not use the rootdn (which you may use for something else).

> is it password related? does it make a difference which hashed password i
> use for the rootdn (ie. can i use the same SSHA coded password at both ends
> or do i have to generate them separately?)

Password hash is irrelevant.


Buchan Milne
ISP Systems Specialist

Attachment: pgpIQrOFdHuM5.pgp
Description: PGP signature