[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with replica.

To: Paul Shevtsov <paul@Dongorbank.COM>
Subject: Re: Problem with replica.
From: Pierangelo Masarati <ando@sys-net.it>
Date: Wed, 15 Nov 2006 10:21:39 +0100
Cc: openldap-software@openldap.org
In-reply-to: <20061115080500.GA31899@forestoll.dgb.local>
References: <20061110121643.GB23550@forestoll.dgb.local> <4555F2DB.80607@sys-net.it> <20061113122954.GB27924@forestoll.dgb.local> <45589BE4.4050409@sys-net.it> <20061114104658.GA91931@forestoll.dgb.local> <4559F8F2.2070509@sys-net.it> <20061115080500.GA31899@forestoll.dgb.local>
User-agent: Thunderbird 1.5.0.8 (X11/20061025)

Please keep replies on the mailing list.

Paul Shevtsov wrote:

On Tue, Nov 14, 2006 at 06:12:18PM +0100, Pierangelo Masarati wrote:
Apparently, your client tries to chase referrals anonymously, and this fails as expected. I don't see any software malfunction here (on the OpenLDAP side, at least); there might be a missing or misimplemented feature in the client, though.
Ok. I try on slave side Client message ------------------------------------------------------------------------- #ldapadd -W -x -D "cn=root,dc=dgb,dc=local" -f bbb1.ldif #Enter password: adding new entry "uid=bbb1,ou=users,dc=dgb,dc=local" ldap_add: Referral (10) refferals: ldap://ldap.dgb.local/uid=bbb1,ou=users,dc=dgb,dc=local ------------------------------------------------------------------------- Server message (loglevel stats sycn) ------------------------------------------------------------------------- Nov 15 09:10:51 casablanca slapd[63235]: conn=863 fd=12 ACCEPT from IP=127.0.0.1:61526 (IP=0.0.0.0:389) Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128 Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" mech=SIMPLE ssf=0 Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 RESULT tag=97 err=0 text= Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 ADD dn="uid=bbb1,ou=users,dc=dgb,dc=local" Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 RESULT tag=105 err=10 text= Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=2 UNBIND Nov 15 09:10:51 casablanca slapd[63235]: conn=863 fd=12 closed --------------------------------------------------------------------------- And from master side i look tcmpdump and not received any packets. This is native ldapadd. :(

This question has been asked (and answered!) so many times... OpenLDAP tools solve the problem of authenticated referral chasing by delegating it to the user. They simply return a referral and don't even try to chase it anonymously (as supposed to be useless for writes) nor by propagating credentials to the referred DSA (it would be a very poor decision, as the client has no means to determine whether the referred DSA is trusted or not; or, whenever distributed authentication is implemented, it is very likely that the referred DSA has no means to authenticate an otherwise valid user for the initially contacted DSA.


		When i try use smbldap-useradd i got:
------------------------client message-------------------------------------
		smbldap-useradd bbb2
		Error: Referral received at /usr/local/lib/perl5/site_perl/5.8.8/smbldap_tools.pm line 1056
----------------------------------------------------------------------------

--------------------------server message------------------------------------
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 fd=21 ACCEPT from IP=127.0.0.1:50523 (IP=0.0.0.0:389)
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" mech=SIMPLE ssf=0
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 RESULT tag=97 err=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SRCH base="dc=dgb,dc=local" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=bbb2))"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=2 SRCH base="sambaDomainName=dgb,dc=dgb,dc=local" scope=0 deref=2 filter="(objectClass=sambaUnixIdPool)"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD dn="sambaDomainName=dgb,dc=dgb,dc=local"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD attr=uidNumber
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 RESULT tag=103 err=10 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 fd=21 closed (connection lost)
------------------------------------------------------------------------------

			And again any packets on master side.

		I should solve a problem of synchronization of passwords
		for samba from slave to master LDAP.
		And not find the decision. :(

		Help me please.... :)
		Where i am mistaken?

I think OpenLDAP has little to do with smbldap-useradd; however, it looks like that that tool is working as expected, since it behaves the same as ldapadd...

p.

Follow-Ups:
- Re: Problem with replica.
  - From: Paul Shevtsov <paul@Dongorbank.COM>

References:
- Problem with replica. (SLURP).
  - From: Paul Shevtsov <paul@Dongorbank.COM>
- Re: Problem with replica. (SLURP).
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: Problem with replica. (SLURP).
  - From: Paul Shevtsov <paul@Dongorbank.COM>
- Re: Problem with replica. (SLURP).
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: Problem with replica.
  - From: Paul Shevtsov <paul@Dongorbank.COM>
- Re: Problem with replica.
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: How To Configure w/ FreeBSD
Next by Date: proxycache + back-shell
Index(es):
- Chronological
- Thread