some questions.
hi.
i have some minor questions/problems. overall i'm very happy with
openldap, thanks for all the hard work everyone.
- i have replication working great between my master and slave. i am
however having a problem with referrals back, i do have updateref
specified in the slave's slapd.conf and i can see the referral hit the
logs of master, however... when i run this command:
ldapmodify -h master -x -D "uid=adam,dc=blah,dc=com" -W -f /tmp/testmod
it works perfectly. when i run it against the slave without the -C i
get a referral notification. when i run it with the -C i get
"ldap_modify: Insufficient access". so it works directly against the
master so it's not a commandline syntax error.
what i figured out is when i put the servers into debug mode i see the
acls approve permissions for the write on the slave (as it should, the
acls are identical between the master and the slave), and then as the
referral is chased to the master i see an anonymous bind and access
denied (as it should be to an anonymous request).
are all referrals followed anonymously? this doesn't seem very useful.
if not then what haven't i done in order to make this work correctly?
- i use the cn=manager,dc=blah,dc=org as the updatedn for replication to
my slave servers. are there any issues with using the rootdn for
replication? it's easy enough to set up another user to act as the
updatedn but i'm not sure i see the point since it also requires full
access.
- i get a lot of these in my logs.
Feb 13 16:32:20 protos slapd[7469]: [ID 307533 local4.info] ldbm: ==> set_cachesize: method meaningless in shared environment
is it important, and what can i do to fix it if it's a problem?
- i have openldap compiled with tls support. my understanding is that
with start tls enabled you don't use port 636, instead the client
negotiates the use of ssl over the normal port. if i specify an ldaps
url will that work with start tls or do i have to be listening on port
636?
- if i want to extend my schema to include custom attributes what do i put
in for the oid? can i leave it blank? if not what's an acceptable
placeholder?
thanks,
adam.