[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL OTP and syncrepl

Pierangelo Masarati <masarati@aero.polimi.it> wrote:

> Not necessarily.  Every write to a well-configured replica should be 
> rejected with a referral.  The chain overlay will intercept the referral
> and chase it, applying the modification to the master.  You need to 
> check why no referral is returned, since the master's value eventually
> overrides the replica's.  Either the configuration uses an identity that
> bypasses shadow checks (like the updatedn) or some SASL-related code 
> (slap_auxprop_store?) is performing an internal modification with some
> special flag that bypasses shadow checks.  

I beleive the offending code is in

It seems we use the authc Id:

But there is no special flags:
        mod->sml_flags = 0;

Nothing in the logs on the master. On the client I have this at bind
 SASL [conn=219246] Error: SASL error opening password file. Do you have
write permissions?  
 SASL [conn=219246] Failure: Could not open db for write 

But it  happens all the time, OTP being used or not.
Emmanuel Dreyfus