[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: binding anonymously when slave tries to replicate



Jan-Michael Ong wrote...:

> A few weeks ago I posted a question regarding the following:
> 
> If the slave is sent an update, a referral is sent to the master
> which then propagates the changes. However, I noticed that all
> updates fail since the slave tries to update an entry on the master
> anonymously. 

actually i'd be surprised, if it really happened the way you explain. 
referrals aren't sent to the master, but back to the client, which (the 
client) is then responsible for passing the update request to the 
referred server (the master..).

> Would it be a good idea to let the master accept an anonymous bind
> just from the slave? If so how can I write the access rule to do
> this? I was thinking of the following. Could someone please correct
> me or offer some hints as to how they solved this problem.
> 
> access to *
>     by * peername="ip address of the slave:*" write

access to *
   by peername"IP=1\.2\.3\.4" write

> I'm just afraid that this might be susceptible to IP spoofing and I
> will essentially be letting everyone write to the ldap server.

hmm, actually it is, i guess.. but i think you don't need the above 
anonymous-write ACL, regarding what i said about referrals, do you..?

hth,
daniel