[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: some questions.
okay so i finally found some references on the mailing list that state
that referals are always followed anonymously. so how is this supposed to
work?
i'm using solaris 8's nss/pam ldap, if i want the user to be able change
their password it means that the only ldap server i can specify is the
master one for everything.
how to i make queries go to the slave and changes go to the master if you
can't do authenticated referrals?
how are people solving this problem?
adam.
> - i have replication working great between my master and slave. i am
> however having a problem with referals back, i do have updateref
> specified in the slaves slapd.conf and i can see the referral hit the
> logs of master, however... when i run this command:
>
> ldapmodify -h master -x -D "uid=adam,dc=blah,dc=com" -W -f /tmp/testmod
>
> it works perferctly. when i run it against the slave without the -C i
> get a referal notification. when i run it with the -C i get
> "ldap_modify: Insufficient access". so it works directly against the
> master so it's not a commandline syntax error.
>
> what figured out is when i put the servers into debug mode i see the
> acl's approve permissions for the write on the slave (as it should the
> acls are identical between the master and the slave), and then as the
> referal is chased to the master i see an anonymous bind and access
> denied (as it should be to an anonymous request).
>
> are all referals followed anonymously? this doesn't seem very useful.
> if not then what haven't i done in order to make this work correctly?