I have tried but still cannot successfully make the slave to master referral. I have the following questions: 1. Have anyone really successfully do the slave to master referral? If so, what client do you use to test it? Is the the supplied clients, like ldapmodify, ldapadd, etc? If so, what is the meaning of the -C option? Is it necessary to use this option to have referral? 2. Do anyone know the meaning of the error "ldif_record()" ? In my case, the following errors occurs. I have turned on the loglevel to -1, there seems to have no information about the "ldif_record". # ldapmodify -x -D "cn=peter, dc=ccgo, dc=hksarg" -W -C -f a Enter LDAP Password: modifying entry "cn=peter, dc=ccgo, dc=hksarg" ldap_modify: Insufficient access ldif_record() = 50 or # ldapmodify -x -D "cn=peter, dc=ccgo, dc=hksarg" -W -f a Enter LDAP Password: modifying entry "cn=peter, dc=ccgo, dc=hksarg" ldap_modify: Referral ldif_record() = 10 3. In the above, I find that when granting the write access to anoynomous, and try (on slave): # ldapmodify -x -D "cn=peter, dc=ccgo, dc=hksarg" -W -C -f a The master is modified correctly, but still the slave is not modified. I collected some log file on the slave: slapd[8262]: modifications: slapd[8262]: ^Ireplace: UDEPT slapd[8262]: ^Ireplace: modifiersName slapd[8262]: ^Ireplace: modifyTimestamp slapd[8262]: conn=1 op=5 MOD dn="cn=peter, dc=ccgo, dc=hksarg" slapd[8262]: send_ldap_result: conn=1 op=5 p=3 slapd[8262]: send_ldap_result: 21::value contains invalid data slapd[8262]: send_ldap_response: msgid=6 tag=103 err= The log says that when the master try to send the replication log to the slave, "invalid data" message occurred. But why is it, as the master is modified correctly? Thanks a lot! Wilson. From: "Markus Storm" <Markus.Storm@mediaWays.net> on 04.02.2001 07:12 PM To: openldap-software@OpenLDAP.org cc: (bcc: Wilson KH SHEH/ITSD/HKSARG) Subject: Re: Referral from Slave to Master failed in 2.0.7 "Kurt D. Zeilenga" wrote: > > At 01:01 PM 2/3/01 +0800, Wilson KH Sheh wrote: > >It seems that when using the option -C, insufficient access occurs. But I don't > >know how to solve the problem. > > ldapmodify, like other tools, chases all referrals anonymously > for security reasons. I remember I saw a patch somewhere in the ITS that allows for authenticated referral chasing when explicitly calling ldapmodify/search/... with an 'insecure' command-line switch. Shouldn't that make it's way into the next version ? regards, Markus
Attachment:
Markus.Storm.vcf
Description: Binary data