
Re: Referrals - problems modifying entries on slave



Hi there,

I had the same problem when I was experimenting with replication about 
a year ago. The problem is with the way your client handles the 
replication.

It is the client's responsibility to rebind to the master when given a 
referral. However, when it rebinds you'll have to specify the proper 
credentials for it to rebind. I guess they made this to be flexible by 
design. But it was confusing as heck for non-LDAP experts ^_^ (I
e-mailed this list regarding this very same problem and with the same
exact wording ... "why does the rebind bind anonymously?")

You'll have to dig up some documentation on how to do this properly but 
here's a code snippet I have using PerlLDAP that might get your brain 
working. 

use Mozilla::LDAP::Conn;

my %ldaph;
$ldaph{"ldap_user"} = "cn=admin,o=My Company";
$ldaph{"ldap_pass"} = "secret";
$ldaph{"ldap_host"} = "myhost.mycompany.com";
$ldaph{"ldap_port"} = "4000";

# constructor arguments are host, port, bind DN, password, in that order
my $conn = new Mozilla::LDAP::Conn( $ldaph{"ldap_host"}, $ldaph{"ldap_port"},
    $ldaph{"ldap_user"}, $ldaph{"ldap_pass"} );
die if !$conn;

# rebind with credentials when following a referral
$conn->setDefaultRebindProc($ldaph{"ldap_user"}, $ldaph{"ldap_pass"});

Check out: http://www.perldap.org/docs/Conn.html

If you're using ColdFusion there's also a switch/flag that you can turn 
on to follow the referral and rebind with the proper credentials. More 
recent clients and LDAP APIs probably have a similar flag (like some 
constant you set or something)

Hope that helps

Jan-Michael



----- Original Message -----
From: "Dr. Hansjoerg Maurer" <hansjoerg.maurer@itsd.de>
Date: Saturday, October 19, 2002 2:23 am
Subject: Referrals - problems modifying entries on slave

> Hi,
> 
> I managed to install an OpenLDAP master and slave.
> Replication works fine when editing entries on the master.
> 
> When I edit an entry while connected to the slave, the slave sends back
> a referral to the master.
> The client (gq or ldapadd with option -C) then connects to the
> master.
> 
> Ethereal shows that the DN entry of this rebind from the client to the
> master is empty.
> The modification on the master only succeeds when I set the ACL in a
> way that everybody can write to the master.
> 
> 
> Do I miss something or is this a limitation of the client/server?
> 
> Thank you
> 
> Hansjoerg
> 
> --
> Dr. Hansjörg Maurer
> itsystems Deutschland AG
> Linprunstr. 10
> D-80335 Muenchen
> Ph/Fax +49 89 52 04 68-41/-59
> 
> 
> 
>
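
Added example, not part of the original post or of PerLDAP: credentials configured for referral rebinds are presented to whichever server the referral names, so this Python example shows a check a rebind callback can make first, releasing the DN and password only when the referral points at a known master and binding anonymously otherwise. It goes beyond the single-master case in the thread; `TRUSTED_MASTERS`, the function names and the sample URLs are constructed, and the host, port and DN reuse the post's placeholders.

```python
from urllib.parse import urlsplit

# Constructed values: host, port and DN reuse the placeholders from the post.
TRUSTED_MASTERS = {("myhost.mycompany.com", 4000)}  # assumption: known masters
BIND_DN = "cn=admin,o=My Company"
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
ANONYMOUS = ("", "")


def parse_referral(url):
    """Return (scheme, host, port) for an LDAP referral URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return scheme, parts.hostname.lower(), port or DEFAULT_PORTS[scheme]


def rebind_credentials(referral_url, password, trusted=TRUSTED_MASTERS):
    """Pick the (dn, password) to bind with when chasing a referral.

    Credentials are released only to an exact host/port match in `trusted`;
    anything else gets an anonymous bind, so the admin password is never
    sent to a server that merely appeared in a referral.
    """
    target = parse_referral(referral_url)
    if target is None:
        return ANONYMOUS
    _scheme, host, port = target
    return (BIND_DN, password) if (host, port) in trusted else ANONYMOUS


if __name__ == "__main__":
    for url in (  # constructed referral URLs
        "ldap://myhost.mycompany.com:4000/o=My%20Company",
        "ldap://myhost.mycompany.com.other.example:4000/",
        "ldap://myhost.mycompany.com:4000@other.example/",
    ):
        dn, _ = rebind_credentials(url, "secret")
        print(f"{url} -> {'bind as ' + dn if dn else 'anonymous bind'}")
```

The same decision fits inside whatever rebind hook the client library offers; the comparison is on the parsed host and port, never on a substring of the URL.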