[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Problem Using Chain Overlay, unable to figure out dontusecopy control to fix it
- To: openldap-technical@openldap.org
- Subject: Problem Using Chain Overlay, unable to figure out dontusecopy control to fix it
- From: Andy Dorman <adorman@ironicdesign.com>
- Date: Tue, 29 Jul 2014 17:22:17 -0500
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.5.0
- Debian OpenLDAP 2.4.39 using back_mdb
- delta-syncrepl master->multiple slaves (lightning fast and has worked
great for many years)
- the client running on each slave and causing the problem is Horde
using the php-ldap client (PHP 5.6).
Horde is configured to use the slave/localhost LDAP replica and we are
hoping to use updateref and chain overlay to write to the master and
read from the localhost slave.
Our slapd.conf global config has:
...
moduleload back_ldap
overlay chain
chain-uri ldap://ldap.ironicdesign.com/
chain-idassert-bind bindmethod="simple"
binddn="root dn"
credentials=<root pwd>
mode="self"
chain-return-error TRUE
...
And after the syncrepl setup, the last line of slapd.conf defines updateref.
...
updateref ldap://ldap.ironicdesign.com/
So, the problem comes when we add an address book contact to be stored
in LDAP. The contact is written successfully to the LDAP master, but
then Horde/php-ldap tries to get/read the new contact and of course it
is not on our localhost slave yet, so the "get" fails.
I noted in the OpenLDAP docs, "12.3.4. Read-Back of Chained
Modifications", where it discusses using the "dontusecopy" control in
the client to prevent this problem, but I can find no reference to
setting this "dontusecopy" control anywhere in the PHP-ldap client or
any other client for that matter.
Has anyone ever used the "dontusecopy" control and if so, would you mind
terribly telling us how/where you used it?
Thanks for any insights.
--
Andy Dorman