
Re: write only referrals - possible?



Buchan Milne wrote:

>> Sounds very easy, but I would like to allow users to change their passwords, without them having to drive to where the central server is :)
>
>
>
> Do you have connectivity between the offices?



Yes, in general there is 99,9% connectivity between offices.
It would be good if the whole thing didn't crash in case of this 0,1% connectivity problem.



> It is acceptable to have:
> -account creation
> -password changes
> be unavailable in the case of connectivity problems?


Do you mean if it's acceptable that passwords won't change and accounts won't be added if we can't connect to the master?
Yes.



>> The whole process should look like below - taken from chapter 13.1 of Admin's Guide:
>>
>> 1. The LDAP client submits an LDAP modify operation to the slave slapd.
>>
>> 2. The slave slapd returns a referral to the LDAP client referring the client to the master slapd.
>>
>> 3. The LDAP client submits the LDAP modify operation to the master slapd.
>>
>
> Yes, samba chases referrals.



Hmm?


>> 4. The master slapd performs the modify operation, writes out the change to its replication log file and returns a success code to the client.
>>
> Yes, slapd writes the replication log, and slurpd replicates it to slaves.



OK, at least that step I already practiced :)


>> Does it mean that it is possible to construct a "write only" referral?
>>
> That's what the updateref parameter is for ...


All right... I begin to catch.... Slowly...
So from what you say, my environment should already be working the way I want :)
So if I have in slave's slapd.conf:


updatedn cn=replica,dc=example,dc=com
updateref ldap://192.168.5.1:389

this means that any update attempts will be "forwarded" to that address?

Right now I'm not able to change anything in a slave (configuration is the same as in the master) - I'm able to change in the master and it's replicated to the slave a while later.
[replica uri/replogfile in master; updatedn/updateref in slave are the only differences].
Is it possible that I can't make updates in slaves (using GQ or phpLDAPadmin) because I miss some "updatepassword = secret" or something like that?
Or is it more fundamental?



> Samba chases referrals automatically, so I don't see the problem. Samba also has a configurable "ldap replication sleep", so you can make samba wait for replication of account additions it may require before doing any other changes.



So it's Samba configuration rather than OpenLDAP, right? Or Samba configuration should stay as it is now?
Do you have any examples / links / what to search for? Would it be "samba ldap referrals"?



Tomek

PS. and yes, your openldap2.2 wasn't badly packaged, it just had minor issues :)
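
The four-step update flow quoted in this message from the Admin's Guide, as a toy Python model added here (not OpenLDAP code and not written by anyone in the thread). The class names, the `chase` flag and the sample user DN are assumptions; binds, ACLs and the network are left out, and only `updatedn`/`updateref` come from the message.

```python
REFERRAL, SUCCESS = 10, 0  # LDAP result codes: referral is 10, success is 0

class Master:
    def __init__(self, slaves=()):
        self.entries, self.replog, self.slaves = {}, [], list(slaves)

    def modify(self, bind_dn, dn, attrs):
        # Step 4: apply the change and record it in the replication log.
        self.entries.setdefault(dn, {}).update(attrs)
        self.replog.append((dn, dict(attrs)))
        return SUCCESS, None

    def run_slurpd(self):
        # slurpd replays the log to every slave, bound as that slave's updatedn.
        for dn, attrs in self.replog:
            for s in self.slaves:
                s.modify(s.updatedn, dn, attrs)
        self.replog.clear()

class Slave:
    def __init__(self, updatedn, updateref):
        self.entries, self.updatedn, self.updateref = {}, updatedn, updateref

    def modify(self, bind_dn, dn, attrs):
        if bind_dn != self.updatedn:
            # Step 2: a write from anyone but updatedn gets the updateref referral.
            return REFERRAL, self.updateref
        self.entries.setdefault(dn, {}).update(attrs)
        return SUCCESS, None

def client_modify(server, directory, bind_dn, dn, attrs, chase=True):
    """Steps 1-3: send the modify, then follow a referral if chasing is on."""
    code, ref = server.modify(bind_dn, dn, attrs)
    if code == REFERRAL and chase:
        code, ref = directory[ref].modify(bind_dn, dn, attrs)
    return code, ref

def demo():
    url = "ldap://192.168.5.1:389"                    # updateref from the message
    slave = Slave("cn=replica,dc=example,dc=com", url)
    master = Master([slave])
    directory = {url: master}                         # stands in for the network
    user = "uid=jdoe,ou=People,dc=example,dc=com"     # constructed sample DN
    change = {"userPassword": "constructed-secret"}   # constructed sample value
    no_chase = client_modify(slave, directory, user, user, change, chase=False)
    chased = client_modify(slave, directory, user, user, change)
    before = slave.entries.get(user)                  # slave not updated yet
    master.run_slurpd()
    return no_chase, chased, before, slave.entries.get(user)
```

In this model a client that does not chase referrals ends with result code 10 and the master's URL, and the slave only shows the change after the replication pass.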