Re: Syncrepl and chain Overlay

["Pierangelo Masarati" <ando@sys-net.it>]

> Hi,
>
> I'm having some trouble to get the chain overlay to work on a syncrepl
> consumer with current HEAD code. My config basically looks like this:
>
> -------------------------------------------
> database bdb
> suffix "dc=example,dc=com"
> rootdn "cn=admin,dc=example,dc=com"
> rootpw "secret"
> overlay chain
> chain-uri ldap://<master-server>
> directory /var/lib/ldap
> checkpoint 1024 5
> cachesize 10000
> syncrepl rid=333
>         provider="ldap://<master-server>"
>         type=refreshOnly
>         interval=00:00:01:00
>         searchbase="dc=example,dc=com"
>         updatedn="cn=syncrepl,dc=example,dc=com"
>         bindmethod=simple
>         binddn="cn=administrator,dc=example,dc=com"
>         credentials="secret"
> updateref ldap://<master-server>
> index objectClass,uidNumber,gidNumber eq
> --------------------------------------------
>
> When issueing a modify operation on the consumer I just get the referral
> back
> as if the chain overlay wasn't there. It doesn't even try to contact the
> master server.
> I compiled everything (chain-overlay and back-ldap) statically into slapd
> and
> in the logs I see, that the chain-overlay is initialized and configured.
>
> Any idea what's going wrong here? Is the above configuration screwed?

didn't go into details reading your config, so there might be something
more; one thing I see is tht your configurtion is missing the
"chain-acl-authcDN", "chain-acl-passwd" directives that tell the
underlying back-ldap what identity to rebind as when following the
referral.

I suspect this is required in order to allow auth'd referral chasing when
performing writes.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497