[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Problem Using Chain Overlay, unable to figure out dontusecopy control to fix it
Am Tue, 29 Jul 2014 17:22:17 -0500
schrieb Andy Dorman <adorman@ironicdesign.com>:
> - Debian OpenLDAP 2.4.39 using back_mdb
>
> - delta-syncrepl master->multiple slaves (lightning fast and has
> worked great for many years)
>
> - the client running on each slave and causing the problem is Horde
> using the php-ldap client (PHP 5.6).
>
> Horde is configured to use the slave/localhost LDAP replica and we
> are hoping to use updateref and chain overlay to write to the master
> and read from the localhost slave.
>
> Our slapd.conf global config has:
>
> ...
> moduleload back_ldap
> overlay chain
> chain-uri ldap://ldap.ironicdesign.com/
>
> chain-idassert-bind bindmethod="simple"
> binddn="root dn"
> credentials=<root pwd>
> mode="self"
> chain-return-error TRUE
> ...
>
> And after the syncrepl setup, the last line of slapd.conf defines
> updateref.
>
> ...
> updateref ldap://ldap.ironicdesign.com/
>
>
> So, the problem comes when we add an address book contact to be
> stored in LDAP. The contact is written successfully to the LDAP
> master, but then Horde/php-ldap tries to get/read the new contact and
> of course it is not on our localhost slave yet, so the "get" fails.
>
> I noted in the OpenLDAP docs, "12.3.4. Read-Back of Chained
> Modifications", where it discusses using the "dontusecopy" control in
> the client to prevent this problem, but I can find no reference to
> setting this "dontusecopy" control anywhere in the PHP-ldap client or
> any other client for that matter.
>
> Has anyone ever used the "dontusecopy" control and if so, would you
> mind terribly telling us how/where you used it?
The php ldap module has not implemented this control.
http://php.net/manual/en/book.ldap.php
You may test the client using ldapsearch(5), read the manual page on
search extensions.
-Dieter
--
Dieter KlÃnter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53Â37'09,95"N
10Â08'02,42"E