
replication (sending to slave and have it update master)



I think I managed to get the slave to write the updates to the master using ldapsearch with the -C option, but I'm not totally convinced.

I created an LDIF for the modification:

# mod.ldif
dn: uid=mytest@mytest.com,ou=MyTest,o=MyCompany
changetype: modify
# a modify entry needs a mod-spec (replace/add/delete) before the attribute value
replace: sn
sn: NewLastname
-

then I ran ldapmodify:
/usr/local/bin/ldapmodify -f mod.ldif -D "uid=admin@mycompany.com,ou=SomeBranch,o=MyCompany" -w secret -h "myslave.mydomain.com" -p "389" -v -d 256


Then I got "Insufficient Access" (LDAP error 50),

so I added the following ACL:

# 130.12.150.17 is the IP address of myslave.mydomain.com
# cn=Administrators contains uid=admin@mycompany.com; it's a special group of admins
access to dn="ou=MyTest,o=MyCompany"
by group="cn=Administrators,ou=SomeBranch,o=Adobe Systems" write
by peername="ip=130.12.150.17:*" write


and that seems to work, but I have some questions that I'm hoping somebody would be kind enough to help me with.

a.) Why was I forced to add the IP address to grant the slave write access on the machine? Why couldn't it have picked up the admin's group membership from the group?
b.) Also, I noticed that when I send an update to the slave, the master's logs say that I bind anonymously:


Nov 14 08:27:38 lookup2 slapd[10893]: daemon: conn=0 fd=9 connection from IP=130.12.150.17:33770 (IP=0.0.0.0:0) accepted.
Nov 14 08:27:38 lookup2 slapd[10893]: conn=0 op=0 BIND dn="" method=128
Nov 14 08:27:38 lookup2 slapd[10893]: conn=0 op=0 RESULT tag=97 err=0 text=
Nov 14 08:27:38 lookup2 slapd[10893]: conn=0 op=1 MOD dn="uid=admin@mycompany.com,ou=SomeBranch,o=MyCompany"
.... snip ...


Why is this so, even though I bound as admin from the slave?

I would really appreciate any feedback, or just some enlightenment about this "weirdness".

Thanks in advance

jan-mike
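An added example from the defender's side, not part of the post above: once a write ACL keyed on peername is in place, any write that arrives over an anonymous connection from that host goes through, so it is worth being able to spot such writes in the master's log. This Python script scans slapd log lines in the format quoted in the post (the sample lines are constructed; the first four mirror the quoted ones) and reports every ADD/MOD/MODRDN/DEL performed on a connection whose most recent BIND was anonymous (dn="").

```python
import re
from collections import defaultdict

# Constructed sample log, modelled on the slapd lines quoted in the post.
SAMPLE_LOG = """\
Nov 14 08:27:38 lookup2 slapd[10893]: daemon: conn=0 fd=9 connection from IP=130.12.150.17:33770 (IP=0.0.0.0:0) accepted.
Nov 14 08:27:38 lookup2 slapd[10893]: conn=0 op=0 BIND dn="" method=128
Nov 14 08:27:38 lookup2 slapd[10893]: conn=0 op=0 RESULT tag=97 err=0 text=
Nov 14 08:27:38 lookup2 slapd[10893]: conn=0 op=1 MOD dn="uid=admin@mycompany.com,ou=SomeBranch,o=MyCompany"
Nov 14 08:27:39 lookup2 slapd[10893]: daemon: conn=1 fd=10 connection from IP=10.0.0.5:40001 (IP=0.0.0.0:0) accepted.
Nov 14 08:27:39 lookup2 slapd[10893]: conn=1 op=0 BIND dn="uid=admin@mycompany.com,ou=SomeBranch,o=MyCompany" method=128
Nov 14 08:27:39 lookup2 slapd[10893]: conn=1 op=1 MOD dn="uid=mytest@mytest.com,ou=MyTest,o=MyCompany"
"""

# Connection accept line: maps a conn id to the peer IP.
CONN_RE = re.compile(r'conn=(\d+) fd=\d+ connection from IP=([\d.]+):\d+')
# BIND line: an empty dn means an anonymous bind.
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)"')
# Write operations we care about.
WRITE_RE = re.compile(r'conn=(\d+) op=\d+ (ADD|MOD|MODRDN|DEL) dn="([^"]*)"')


def find_anonymous_writes(log_text):
    """Return (peer_ip, op, target_dn) for every write done on a connection
    whose last BIND was anonymous; a connection that never bound counts as anonymous too."""
    peer = {}                      # conn id -> client IP
    bound_as = defaultdict(str)    # conn id -> bind DN ("" == anonymous)
    findings = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            peer[m.group(1)] = m.group(2)
            continue
        m = BIND_RE.search(line)
        if m:
            bound_as[m.group(1)] = m.group(2)
            continue
        m = WRITE_RE.search(line)
        if m and bound_as[m.group(1)] == "":
            findings.append((peer.get(m.group(1), "?"), m.group(2), m.group(3)))
    return findings


if __name__ == "__main__":
    for ip, op, dn in find_anonymous_writes(SAMPLE_LOG):
        print(f"anonymous {op} from {ip} on {dn}")
```

Pointing it at the real log (for example, `find_anonymous_writes(open("/var/log/slapd.log").read())`) is enough to see how often the peername rule is the only thing authorising a write.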