
Re: error in modifying subordinate entries


On Sat, Feb 28, 2009 at 8:37 PM, Pierangelo Masarati <ando@sys-net.it> wrote:
Rakesh Yadav wrote:

I want to establish communication between two ldap servers at different
For this I have used "ref attribute of ldap" by using this attribute, I am

Not sure what you mean, but I presume you're using the LDAP referral mechanism.

If the server a.example.net holds dc=example,dc=net and wished to delegate the subtree ou=subtree,dc=example,dc=net to another server b.example.net, the following named referral object would be added to a.example.net:

    dn: dc=subtree,dc=example,dc=net
    objectClass: referral
    objectClass: extensibleObject
    dc: subtree
    ref: ldap://b.example.net/dc=subtree,dc=example,dc=net

The server uses this information to generate referrals and search continuations to subordinate servers.

I think now you have understood what I want to explain.


able to retrieve entries of second ldap server. Means I can read or search entries of second server from first ldap server.

But the problem comes when I want to modify any attribute of an entry of second server from the first server.

Definitely I am having some access permissions related error.

Here I am attaching slapd.conf files of both ldap servers.

*First Server* *slapd.conf:*


    access to * by * write

^^^ not a wise policy, I hope it's just for testing.  In any case you can't have any access privilege issue with it.  Granted.

Actually this is just for testing purposes.


*Second server's slapd.conf:*


    access to * by * write

^^^ same as above




where *test_ref* is having *ref* attribute

dn: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in
objectClass: referral
objectClass: extensibleObject
fn: test_ref
ref: ldap://,dc=cdac,dc=in


dn: fn=test1,fn=test_ref,dc=cdac,dc=in

Now I want to delete this entry: "fn=test1,fn=test_ref,dc=cdac,dc=in".
I have used the LDAP command line tool "ldapdelete" and executed this tool on
the first LDAP machine.

Then the result of command is:

    [root@tapti LDIF]# ldapdelete -x -h "tapti" -D "cn=Manager,dc=cdac,dc=in" \
    "fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in" -w
    ldap_delete: Referral (10)
           matched DN: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in

This is the expected behavior: ldapdelete provides no means to automatically chase referrals.

Actually I am using ldap_delete_ext_s() for deleting an entry.
Can this LDAP API be used for deleting referral entries?

One more thing:
Can this LDAP API ldap_modify_ext_s() be used for updating referral entries?


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Fax:     +39 0382 476497
Email:   ando@sys-net.it

Rakesh Yadav
Mob. 09881092496
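
An added example, not part of the original messages: since the client gets "Referral (10)" back and has to decide for itself whether to retry on the referred server, this sketch parses the returned ref URLs and only plans a retry against an allowed host, because the retry re-sends the bind credentials there. The names TRUSTED_HOSTS, parse_referral, plan_retry and the sample URLs are assumptions made for the illustration, modelled on the example.net referral object quoted above.

```python
from urllib.parse import urlsplit, unquote

# Assumption: servers this client may re-bind to when following a referral.
TRUSTED_HOSTS = {"b.example.net"}

def parse_referral(ref_url):
    """Split an LDAP URL (RFC 4516) into (scheme, host, port, dn)."""
    parts = urlsplit(ref_url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {ref_url!r}")
    if not parts.hostname:
        raise ValueError(f"referral names no host: {ref_url!r}")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    return parts.scheme, parts.hostname, port, unquote(parts.path.lstrip("/"))

def plan_retry(original_dn, ref_urls, was_ldaps, trusted=TRUSTED_HOSTS):
    """Pick the first referral URL that is safe to follow and return
    (server URI, DN) for the retried operation; raise if none qualifies."""
    rejected = []
    for url in ref_urls:
        try:
            scheme, host, port, ref_dn = parse_referral(url)
        except ValueError as exc:
            rejected.append(str(exc))
            continue
        if host not in trusted:
            rejected.append(f"{host}: not an allowed referral target")
            continue
        if was_ldaps and scheme != "ldaps":
            rejected.append(f"{host}: would downgrade from ldaps to ldap")
            continue
        # RFC 4511 4.1.10: a DN in the referral URL replaces the original name.
        return f"{scheme}://{host}:{port}", ref_dn or original_dn
    raise PermissionError("no referral followed: " + "; ".join(rejected))

# Constructed referral values for the illustration.
SAMPLE_REFS = [
    "ldap://other.example.org/dc=subtree,dc=example,dc=net",
    "ldap://b.example.net/cn=entry,dc=subtree,dc=example,dc=net",
]

if __name__ == "__main__":
    print(plan_retry("cn=entry,dc=subtree,dc=example,dc=net", SAMPLE_REFS, was_ldaps=False))
```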