[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Referrals - problems modifying entries on slave
Hi there,
I had the same problem when I was experimenting with replication about
a year ago. The problem is with the way your client handles the
replication.
It is the client's responsibility to rebind to the master when given a
referral. However, when it rebinds you'll have to specify the proper
credentials for it to rebind. I guess they made this to be flexible by
design. But it was confusing as heck for non-LDAP experts ^_^ (I e-
mailed this list regarding this very same problem and with the same
exact wording ... "why does the rebind bind anonymously?")
You'll have to dig up some documentation on how to do this properly but
here's a code snippet I have using PerlLDAP that might get your brain
working.
$ldaph{"ldap_user"} = "cn=admin,o=My Company";
$ldaph{"ldap_pass"} = "secret";
$ldaph{"ldap_host"} = "myhost.mycompany.com";
$ldaph{"ldap_port"} = "4000";
my $conn = new Mozilla::LDAP::Conn( $ldaph{"ldap_user"}, $ldaph
{"ldap_pass"}, $ldaph{"ldap_host"}, $ldaph{"ldap_port" );
die if !$conn;
# rebind with credentials
$conn->setDefaultRebindProc($ldaph{"ldap_user"}, $ldaph{"ldap_pass"});
Check out: http://www.perldap.org/docs/Conn.html
If you're using ColdFusion there's also a switch/flag that you can turn
on to follow the referral and rebind with the proper credentials. More
recent clients and LDAP APIs probably have a similar flag (like some
constant you set or something)
Hope that helps
Jan-Michael
----- Original Message -----
From: "Dr. Hansjoerg Maurer" <hansjoerg.maurer@itsd.de>
Date: Saturday, October 19, 2002 2:23 am
Subject: Referrals - problems modifying entries on slave
> Hi,
>
> I managed to install an openladap master and slave.
> Replication works fine, when editing entrys on the master.
>
> When I edit an entry, while connected to the slave, the slave
> sends back
>
> a referral to the master.
> The client (gq or ldapadd with option -C) then connects to to the
> master.
>
> Ethereal shows,, that the DN entry of this rebind from the client
> to the
>
> master is empty.
> The modification on the master only succeeds, when I set the ACL
> in a
> way, that everybody can write to the master.
>
>
> Do i miss something or is this a limitation of the client/server.
>
> Thank you
>
> Hansjoerg
>
> --
> Dr. Hansjörg Maurer
> itsystems Deutschland AG
> Linprunstr. 10
> D-80335 Muenchen
> Ph/Fax +49 89 52 04 68-41/-59
>
>
>
>