problem changing {0}config
- To: openldap-technical@openldap.org
- Subject: problem changing {0}config
- From: Christopher Wood <christopher_wood@pobox.com>
- Date: Wed, 2 Nov 2011 11:51:47 -0400
- User-agent: Mutt/1.5.20 (2009-06-14)
Question: What is happening that I can turn a multimaster replica into a "shadow context"?
(I'm more or less fine with the behaviour since I don't mind stopping the multimaster slapd's to do a password change, but I'm concerned that I may have missed some underlying problem in my setup.)
I've found that issuing a particular set of changes to one or both cn=config multimaster replicas means that I cannot issue any more changes to cn=config until I restart slapd.
The ldif I paste into my ldapmodify session is this (changed the hostname and credentials from the real ones):
    dn: olcDatabase={0}config,cn=config
    changetype: modify
    replace: olcSyncrepl
    olcSyncrepl: {0}rid=1 provider=ldap://ldap-supplier-lab-01.company.com binddn="cn=config" bindmethod=simple credentials=newpw searchbase="cn=config" type=refreshAndPersist retry="5 5 30 +" timeout=5
    olcSyncrepl: {1}rid=2 provider=ldap://ldap-supplier-lab-02.company.com binddn="cn=config" bindmethod=simple credentials=newpw searchbase="cn=config" type=refreshAndPersist retry="5 5 30 +" timeout=5
    -
    replace: olcRootPW
    olcRootPW: newpw
I get this output:
    modifying entry "olcDatabase={0}config,cn=config"
Then I observe the following behaviour:
I can ldapsearch with the new password and get the expected result (ldif output of the cn=config database).
When I ldapmodify with the new password I get this output:
    modifying entry "olcDatabase={0}config,cn=config"
    ldap_modify: Server is unwilling to perform (53)
    additional info: shadow context; no update referral
After I restart slapd I get the expected behaviours with both ldapsearch (get ldif output) and ldapmodify (can change cn=config).
Further, I've diffed the ldif output of directories before and after this change, and I do not see any difference apart from the attributes that I've changed.