[Date Prev][Date Next]
Re: SASL OTP and syncrepl
Emmanuel Dreyfus wrote:
Howard Chu <email@example.com> wrote:
How is it supposed to work?
Most likely it's not. Since almost nobody uses SASL OTP with OpenLDAP, it's
never gotten much attention.
What do people use, then?
As far as I understand, there needs to be
some code for the replica to send the update to the master. Is the code
missing, or do I have a configuration problem that prevent it from
working? Or do I hit a bug?
Look into chaining...
I have it configured already. Do you confirm this is a bug to be fixed
in the chain overlay?
Not necessarily. Every write to a well-configured replica should be
rejected with a referral. The chain overlay will intercept the referral
and chase it, applying the modification to the master. You need to
check why no referral is returned, since the master's value eventually
overrides the replica's. Either the configuration uses an identity that
bypasses shadow checks (like the updatedn) or some SASL-related code
(slap_auxprop_store?) is performing an internal modification with some
special flag that bypasses shadow checks. I'm not going to debug this
issue right now (no time, sorry), but you should look at something along