Re: some questions.

[Adam Shand <larry@spack.org>]

okay so i finally found some references on the mailing list that state
that referals are always followed anonymously.  so how is this supposed to
work?

i'm using solaris 8's nss/pam ldap, if i want the user to be able change
their password it means that the only ldap server i can specify is the
master one for everything.

how to i make queries go to the slave and changes go to the master if you
can't do authenticated referrals?

how are people solving this problem?

adam.

> - i have replication working great between my master and slave.  i am
>   however having a problem with referals back, i do have updateref
>   specified in the slaves slapd.conf and i can see the referral hit the
>   logs of master, however... when i run this command:
>
>   ldapmodify -h master -x -D "uid=adam,dc=blah,dc=com" -W -f /tmp/testmod
>
>   it works perferctly.  when i run it against the slave without the -C i
>   get a referal notification.  when i run it with the -C i get
>   "ldap_modify: Insufficient access".  so it works directly against the
>   master so it's not a commandline syntax error.
>
>   what figured out is when i put the servers into debug mode i see the
>   acl's approve permissions for the write on the slave (as it should the
>   acls are identical between the master and the slave), and then as the
>   referal is chased to the master i see an anonymous bind and access
>   denied (as it should be to an anonymous request).
>
>   are all referals followed anonymously?  this doesn't seem very useful.
>   if not then what haven't i done in order to make this work correctly?