[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re[2]: Referral from Slave to Master failed in 2.0.7




I have tried but still cannot successfully make the slave to master referral. I
have the following questions:

1.  Have anyone really successfully do the slave to master referral? If so, what
client do you use to test it?  Is the the supplied clients, like ldapmodify,
ldapadd, etc? If so, what is the meaning of the -C option? Is it necessary to
use this option to have referral?

2.  Do anyone know the meaning of the error "ldif_record()" ? In my case, the
following errors occurs. I have turned on the loglevel to -1, there seems to
have no information about the "ldif_record".

# ldapmodify -x -D "cn=peter, dc=ccgo, dc=hksarg" -W -C -f a

Enter LDAP Password:
modifying entry "cn=peter, dc=ccgo, dc=hksarg"
ldap_modify: Insufficient access

ldif_record() = 50

or

# ldapmodify -x -D "cn=peter, dc=ccgo, dc=hksarg" -W -f a
Enter LDAP Password:
modifying entry "cn=peter, dc=ccgo, dc=hksarg"
ldap_modify: Referral

ldif_record() = 10

3.   In the above, I find that when granting the write access to anoynomous, and
try (on slave):

# ldapmodify -x -D "cn=peter, dc=ccgo, dc=hksarg" -W -C -f a

The master is modified correctly, but still the slave is not modified.

I collected some log file on the slave:

slapd[8262]: modifications:
slapd[8262]: ^Ireplace: UDEPT
slapd[8262]: ^Ireplace: modifiersName
slapd[8262]: ^Ireplace: modifyTimestamp
slapd[8262]: conn=1 op=5 MOD dn="cn=peter, dc=ccgo, dc=hksarg"
slapd[8262]: send_ldap_result: conn=1 op=5 p=3
slapd[8262]: send_ldap_result: 21::value contains invalid data
slapd[8262]: send_ldap_response: msgid=6 tag=103 err=

The log says that when the master try to send the replication log to the slave,
"invalid data" message occurred. But why is it, as the master is modified
correctly?

Thanks a lot!

Wilson.





From: "Markus Storm" <Markus.Storm@mediaWays.net> on 04.02.2001 07:12 PM
To: openldap-software@OpenLDAP.org
cc: (bcc: Wilson KH SHEH/ITSD/HKSARG)
Subject: Re: Referral from Slave to Master failed in 2.0.7


"Kurt D. Zeilenga" wrote:
>
> At 01:01 PM 2/3/01 +0800, Wilson KH Sheh wrote:
> >It seems that when using the option -C, insufficient access occurs. But I
don't
> >know how to solve the problem.
>
> ldapmodify, like other tools, chases all referrals anonymously
> for security reasons.


I remember I saw a patch somewhere in the ITS that allows for authenticated
referral chasing when explicitly calling ldapmodify/search/... with an
'insecure' command-line switch.
Shouldn't that make it's way into the next version ?

regards,
Markus

Attachment: Markus.Storm.vcf
Description: Binary data