[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: syncrepl in OpenLDAP 2.3.x and updating on a replica
Filipe Brandenburger wrote:
>> A better answer is that the OpenLDAP ldapmodify and ldapdelete tools
>> will not follow referrals. If you're working in a setup that uses
>> referrals, and you need the ldapmodify tool to work, then you need to
>> use chaining.
>
> What about "passwd" over "pam_ldap"? Will it follow referrals? That's
> the one I *need* to keep working.
I just tested this, and it works: pam_ldap follows referrals.
I had tcpdump running on the client and the debug logs running on both
the master and slave servers. The client was configured to query the
slave only.
Then I ran "passwd" and watched as it tried to run the update on the
slave, getting a referral, then updating the master. tcpdump got all the
updates, and showed it connecting to the right machines. I could clearly
see the referral URL and the passwords old and new.
So, I guess having a "host" entry that points to a RR DNS will be the
way I'll go on this one.
I'll just have to take care of the other scripts that insert/delete
users to ignore /etc/ldap.conf and point to the master directly.
Thanks a lot!
Filipe