Re: SASL OTP and syncrepl
Pierangelo Masarati <masarati@aero.polimi.it> wrote:
> Not necessarily. Every write to a well-configured replica should be
> rejected with a referral. The chain overlay will intercept the referral
> and chase it, applying the modification to the master. You need to
> check why no referral is returned, since the master's value eventually
> overrides the replica's. Either the configuration uses an identity that
> bypasses shadow checks (like the updatedn) or some SASL-related code
> (slap_auxprop_store?) is performing an internal modification with some
> special flag that bypasses shadow checks.
I believe the offending code is in
servers/slapd/sasl.h:slap_auxprop_store()
It seems we use the authc Id:
slap_propnames[SLAP_SASL_PROP_AUTHC]
But there are no special flags:
mod->sml_flags = 0;
Nothing in the logs on the master. On the client I have this at bind
time:
SASL [conn=219246] Error: SASL error opening password file. Do you have
write permissions?
SASL [conn=219246] Failure: Could not open db for write
But it happens all the time, OTP being used or not.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org