
Re: Problem with replica.



Please keep replies on the mailing list.

Paul Shevtsov wrote:
On Tue, Nov 14, 2006 at 06:12:18PM +0100, Pierangelo Masarati wrote:
Apparently, your client tries to chase referrals anonymously, and this fails as expected. I don't see any software malfunction here (on the OpenLDAP side, at least); there might be a missing or misimplemented feature in the client, though.

Ok. I try on slave side
Client message
-------------------------------------------------------------------------
#ldapadd -W -x -D "cn=root,dc=dgb,dc=local" -f bbb1.ldif
#Enter password:
adding new entry "uid=bbb1,ou=users,dc=dgb,dc=local"
ldap_add: Referral (10)
refferals:
ldap://ldap.dgb.local/uid=bbb1,ou=users,dc=dgb,dc=local
-------------------------------------------------------------------------
Server message (loglevel stats sync)
-------------------------------------------------------------------------
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 fd=12 ACCEPT from IP=127.0.0.1:61526 (IP=0.0.0.0:389)
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 BIND dn="cn=root,dc=dgb,dc=local" mech=SIMPLE ssf=0
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=0 RESULT tag=97 err=0 text=
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 ADD dn="uid=bbb1,ou=users,dc=dgb,dc=local"
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=1 RESULT tag=105 err=10 text=
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 op=2 UNBIND
Nov 15 09:10:51 casablanca slapd[63235]: conn=863 fd=12 closed
---------------------------------------------------------------------------
And on the master side I looked at tcpdump and did not receive any packets.
This is native ldapadd. :(
This question has been asked (and answered!) so many times... OpenLDAP tools solve the problem of authenticated referral chasing by delegating it to the user. They simply return a referral and don't even try to chase it anonymously (as supposed to be useless for writes) nor by propagating credentials to the referred DSA (it would be a very poor decision, as the client has no means to determine whether the referred DSA is trusted or not; or, whenever distributed authentication is implemented, it is very likely that the referred DSA has no means to authenticate an otherwise valid user for the initially contacted DSA).

When I try to use smbldap-useradd I got:
------------------------client message-------------------------------------
smbldap-useradd bbb2
Error: Referral received at /usr/local/lib/perl5/site_perl/5.8.8/smbldap_tools.pm line 1056
----------------------------------------------------------------------------

--------------------------server message------------------------------------
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 fd=21 ACCEPT from IP=127.0.0.1:50523 (IP=0.0.0.0:389)
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" method=128
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 BIND dn="cn=root,dc=dgb,dc=local" mech=SIMPLE ssf=0
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=0 RESULT tag=97 err=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SRCH base="dc=dgb,dc=local" scope=2 deref=2 filter="(&(objectClass=posixAccount)(uid=bbb2))"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=2 SRCH base="sambaDomainName=dgb,dc=dgb,dc=local" scope=0 deref=2 filter="(objectClass=sambaUnixIdPool)"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD dn="sambaDomainName=dgb,dc=dgb,dc=local"
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 MOD attr=uidNumber
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 op=3 RESULT tag=103 err=10 text=
Nov 15 09:40:24 casablanca slapd[63235]: conn=885 fd=21 closed (connection lost)
------------------------------------------------------------------------------

And again any packets on master side.

I should solve a problem of synchronization of passwords
for samba from slave to master LDAP.
And not find the decision. :(

Help me please.... :)
Where am I mistaken?

I think OpenLDAP has little to do with smbldap-useradd; however, it looks like that tool is working as expected, since it behaves the same as ldapadd...

p.
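
The reply above says the OpenLDAP tools leave referral chasing to the user because the client cannot tell whether the referred DSA is trusted. As an added example (not part of the original message, and not OpenLDAP or smbldap-tools code), here is a client-side check that decides whether a returned referral may be followed with credentials; the trusted-host set, base DN and function names are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Assumed local policy (hypothetical values built from the names in the thread).
TRUSTED_DSAS = {"ldap.dgb.local"}   # DSAs allowed to receive our bind credentials
BASE_DN = "dc=dgb,dc=local"         # referred entries must stay under this suffix
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def _rdns(dn):
    # Naive split: good enough for DNs without escaped commas.
    return [rdn.strip().lower() for rdn in dn.split(",")]


def vet_referral(url, trusted=TRUSTED_DSAS, base_dn=BASE_DN):
    """Return re-bind parameters for a referral URL, or None if the
    target must not be sent credentials."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:               # malformed port
        return None
    host = parts.hostname or ""      # lowercased, with any userinfo excluded
    if host not in trusted:
        return None
    dn = unquote(parts.path.lstrip("/")) or None
    if dn is not None:
        suffix = _rdns(base_dn)
        if _rdns(dn)[-len(suffix):] != suffix:
            return None
    # Plain ldap:// is only acceptable if the caller upgrades with StartTLS
    # before binding, so the simple-bind password is not sent in the clear.
    return {"host": host, "port": port, "dn": dn, "starttls": scheme == "ldap"}


def first_usable(referrals):
    """Pick the first referral that passes the policy, else None."""
    for url in referrals:
        target = vet_referral(url)
        if target:
            return target
    return None


if __name__ == "__main__":
    # Referral taken from the ldapadd output in the thread.
    print(first_usable(["ldap://ldap.dgb.local/uid=bbb1,ou=users,dc=dgb,dc=local"]))
```

A caller would re-issue the write against the returned host only after this check passes, binding with the same DN once TLS is in place.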