[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: replication referrals
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Duino wrote:
> On Fri, 2005-05-13 at 13:33, Allan E. Johannesen wrote:
>
>>>>>>>"jduino" == John Duino <jduino@nateng.com> writes:
>>
>>jduino> I'm not sure if this is a misconfig on my part or my not understanding
>>jduino> the tools.
>>
>>jduino> We have a master server with multiple slaves. The slurp works properly
>>jduino> when we modify/change/add to the master directly (ie, it replicates to
>>jduino> the slaves very quickly).
>>
>>jduino> However, if we do any of that to the slave (either with the openldap
>>jduino> tools on the commandline, or via phpldapadmin which uses the php-ldap
>>jduino> functions), the slave allows the update to happen directly, and thus
>>jduino> never gets updated on the master nor the other slaves. Debug and
>>jduino> sniffing shows no attempt at redirect/referral.
>>
>>In the replica, I have:
>>
>>updateref ldap://ldap-master.wpi.edu
>>
>>in the database definition.
>
>
> I use:
> updatedn "cn=Manager,c=canada"
What dn are you binding as when you make modifications to the slave?
If it's the updatedn ... well ... the OpenLDAP is doing the right thing
(allowing the updatedn to update values on the slave), you should avoid
this by not using the updatedn for anything but replication.
Ideally:
1)You should not use the same dn as both rootdn and updatedn
2)You should not use the rootdn or the updatedn for any
non-administrative tasks
Regards,
Buchan
- --
Buchan Milne Senior Support Technician
Obsidian Systems http://www.obsidian.co.za
B.Eng RHCE (803004789010797),LPIC-1 (LPI000074592)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCiFiRrJK6UGDSBKcRAi6mAKCA4dEO7ZiTb1gLGJCFgO8kpJI5LgCggsbl
wOddEi/BnMUYbjlX0jMlZQU=
=k5Qr
-----END PGP SIGNATURE-----