
Re: syncrepl in OpenLDAP 2.3.x and updating on a replica



Filipe Brandenburger wrote:
>> A better answer is that the OpenLDAP ldapmodify and ldapdelete tools
>> will not follow referrals. If you're working in a setup that uses
>> referrals, and you need the ldapmodify tool to work, then you need to
>> use chaining.
> 
> What about "passwd" over "pam_ldap"? Will it follow referrals? That's
> the one I *need* to keep working.

I just tested this, and it works: pam_ldap follows referrals.

I had tcpdump running on the client and the debug logs running on both
the master and slave servers. The client was configured to query the
slave only.

Then I ran "passwd" and watched as it tried to run the update on the
slave, getting a referral, then updating the master. tcpdump got all the
updates, and showed it connecting to the right machines. I could clearly
see the referral URL and the passwords old and new.

So, I guess having a "host" entry that points to a RR DNS will be the
way I'll go on this one.

I'll just have to take care of the other scripts that insert/delete
users to ignore /etc/ldap.conf and point to the master directly.

Thanks a lot!
Filipe