
Re: AW: Replication between different Versions of server



Hi,

I have the same problem here (openldap 2.0.8).

When I try to modify the slave, I get a referral back, and when the client
then automatically tries to do the modification on the master, it binds
anonymously (BIND dn="" method=128).

Is there anything I can do to make it work? (i.e., bind as the same user to
the master as I used to bind to the slave)

It would be even nicer if I could make the slave server do the referral to
the master.

Thanks in advance,

Leon de Rooy
ldr@globalxs.nl
CyberComm / GlobalXS Internet


----- Original Message -----
From: "Paul Jakma" <paul@clubi.ie>
To: "Pierangelo Masarati" <masarati@aero.polimi.it>
Cc: "Tiefnig Daniel" <daniel.tiefnig@infonova.at>; "OpenLDAP Software"
<openldap-software@OpenLDAP.org>
Sent: Tuesday, May 15, 2001 2:39 AM
Subject: Re: AW: Replication between different Versions of server


> On Mon, 14 May 2001, Pierangelo Masarati wrote:
>
> > modification. The only missing functionality would be the referral return
> > on write attempt.
>
> how do you get the referral on write to work? it will not work for
> me -> clients that try to write to the slave are referred to the
> master alright, but they always get "insufficient access". same
> client on same entry, same acl being applied but talking to the
> master LDAP server (hence with correct bind dn) can modify the entry.
>
> eg: (fogarty is slave that client is trying to modify an entry it
> owns and can modify on the master)
>
> May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
> May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 RESULT tag=103 err=10 text=
> May 15 01:29:57 hibernia slapd[15379]: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
> May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 BIND dn="" method=128
>                                                         ^^^^^^
> May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 RESULT tag=97 err=0 text=
>
> the master always seems to get empty bind DNs, which of course means
> client can not modify it.
>
> i have same ACLs on both master and slave, including:
>
> access to dn=".*,ou=People,dc=jakma,dc=org"
>         attr=userpassword,ntpassword,lmpassword,roomNumber,initials,mobile,loginShell,gecos
>         by self write
>         by dn=".*ou=hosts,dc=jakma,dc=org" read
>         by anonymous auth
>         by * none
>
> on the slave, referral is:
>
> updateref ldap://hibernia.jakma.org/
>
> (i have also tried "ldap://hibernia.jakma.org",
> ldap://hibernia.jakma.org, ldap://hibernia.jakma.org/dc=jakma,dc=org
> and ldap://hibernia.jakma.org/dc=jakma,dc=org?dn. makes no
> difference)
>
> Clients i've tried with are all the openldap tools, gq and
> directory_administrator which all use libldap.so.2 from the RH
> openldap-2.0.7-14 RPM.
>
> is this a misconfiguration problem, or is it a bug in openldap? any
> clues people could give would be greatly appreciated.
>
> > Pierangelo.
>
> thanks in advance.
>
> regards,
> --
> Paul Jakma paul@clubi.ie paul@jakma.org
> PGP5 key: http://www.clubi.ie/jakma/publickey.txt
> -------------------------------------------
> Fortune:
> Never worry about theory as long as the machinery does what it's supposed to do.
> -- R. A. Heinlein
>
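
The pattern both posters describe can be picked out of combined slapd syslog output. The following is an added example, not part of the original messages: it pairs a write that the slave answered with a referral (err=10) with an anonymous simple bind on the master shortly afterwards. The host names come from the quoted log; the final sample line, the function name and the `window` parameter are assumptions made for illustration.

```python
import re
from datetime import datetime

# Sample modelled on the syslog lines quoted above; the last line is constructed.
SAMPLE_LOG = """\
May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 MOD dn="uid=paul,ou=People,dc=jakma, dc=org"
May 15 01:29:57 fogarty slapd[3607]: conn=0 op=10 RESULT tag=103 err=10 text=
May 15 01:29:57 hibernia slapd[15379]: daemon: conn=6 fd=16 connection from IP=192.168.0.4:33353 (IP=:: 389) accepted.
May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 BIND dn="" method=128
May 15 01:29:57 hibernia slapd[15379]: conn=6 op=0 RESULT tag=97 err=0 text=
May 15 01:31:02 hibernia slapd[15379]: conn=7 op=0 BIND dn="uid=paul,ou=People,dc=jakma,dc=org" method=128
"""

LINE = re.compile(r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) slapd\[\d+\]: '
                  r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<rest>.*)$')

def _when(ts):
    # syslog omits the year; any fixed year works for short time differences
    return datetime.strptime("2001 " + ts, "%Y %b %d %H:%M:%S")

def anonymous_referral_chases(log_text, slave, master, window=2):
    """Return (bind_time, modified_dn, master_conn) for each MOD the slave
    referred away (RESULT tag=103 err=10) that is followed within `window`
    seconds by an anonymous simple bind (dn="" method=128) on the master."""
    pending_mod = {}   # (conn, op) on the slave -> DN being modified
    referred = []      # (timestamp, dn) of writes answered with a referral
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # skips "daemon: ... accepted" and non-slapd lines
        ts, host, rest = m['ts'], m['host'], m['rest']
        key = (m['conn'], m['op'])
        if host == slave:
            mod = re.match(r'MOD dn="([^"]*)"', rest)
            if mod:
                pending_mod[key] = mod.group(1)
            elif re.match(r'RESULT tag=103 err=10\b', rest) and key in pending_mod:
                referred.append((ts, pending_mod.pop(key)))
        elif host == master and rest.startswith('BIND dn="" method=128'):
            now = _when(ts)
            for item in referred:
                if 0 <= (now - _when(item[0])).total_seconds() <= window:
                    referred.remove(item)
                    findings.append((ts, item[1], int(m['conn'])))
                    break
    return findings
```

Time proximity is the only link the two servers' logs offer between the referred write and the new connection, so on a busy master the result is a lead to check against the client address, not proof.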