[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Updating password in slave ldap server

On Sunday 10 August 2008 23:32:12 Gustavo Mendes de Carvalho wrote:
> Hi All,
> I have 2 LDAP Servers (1 master and 1 slave) and I synchronize bdb database
> by slurp daemon. So, when somebody needs to update his/her password or
> other information, everything is done in master server and then slave
> server receives this updates. This 2 servers are in the same physical
> place.
> Now I am planning to put another LDAP slave in other geographical place
> (far from this 2 servers) and because of that I am planning to put some
> slave server receiving all updates from master server, but in all ldap
> client machines in this new location I would like to configure this new
> slave server (Slave server 2) as URI host in ldap.conf files. I mean
> Location 1: Master server 1 and slave server 1
> Location 2: Slave server 2
> Is there any way to do:
> 1. ldap client machines in location 2 to authenticate using Slave server 2
> ? 2. when client machines needs to change some ldap information (like
> password or personal information), to force this update to occurs in slave
> server 2 and then master server 1 receives this uodate ?

Which server is (ultimately) used for password changing does not depend on 
whether it is listed in the configuration file.

If you configure the updateref correctly on the slave, then the client will 
get a referral when it tries to make a change. If the client chases referrals 
(samba and pam_ldap do), then they will re-try their change against the master 
on their own.

While slapo-chain *can* be used for this, slapo-chain is really *only* 
necessary with clients that don't chase referrals.

Just configure things correctly (according to the documentation), and you 
should have a working solution.

Now, if there is a reason why the clients can't reach the master (e.g. 
firewall policy or similar), in *that* case slapo-chain can provide a 

You didn't explain why you though there was a problem in the first place ....

> Do I have to use 2 Master servers (1 in each location) ?