[Fedora-directory-users] Chain On Update problem
Ulf Weltman
ulf.weltman at hp.com
Tue Jan 3 19:28:05 UTC 2006
Richard Megginson wrote:
> ILoveJython wrote:
>
>> I have read the document:
>>
>> Howto:ChainOnUpdate - Fedora Directory Server
>> <http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate>
>>
>> and have been unable to get it to work. When I attempt a write to the
>> consumer it makes the change on the
>> consumer and does not update the master.
>
>
> This is bad. If the consumer is configured to be a read only consumer
> you should not be able to make a change on it. You should either get
> a referral returned from the consumer to the client program which the
> client program will follow to make the change on the master, or, if
> chain on update is working, you will see the operation on the consumer
> and the same corresponding operation sent to the master.
>
>> With the next change on the master of any kind,
>> the mapping tree entry for this suffix changes from "nsslapd-state:
>> backend" to "nsslapd-state: referral on update".
>> Once this state changes, my client complains that it cannot update,
>> since it cannot follow referrals.
>
>
> Ulf, you've been able to get this running, right?
Yes, I was testing this a few weeks ago with the 7.1 release on HP-UX.
It was configured with the instructions in the wiki document with a
minor change to a malformed ACI (but that shouldn't cause this problem):
http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794
There was also a minor issue with a spurious warning being logged. It
doesn't cause any harm, just an inconvenience:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293
Danney, can you paste us these entries from your consumer's dse.ldif?
dn: cn="{your replicated suffix}", cn=mapping tree, cn=config
dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config
dn: cn=config, cn=chaining database, cn=plugins, cn=config
dn: cn={name of your chaining backend}, cn=chaining database,
cn=plugins, cn=config
In the fourth one you can blank out the "nsmultiplexorcredentials" value
before you send it.
>
>>
>> In addition, there are no log entries on the master to indicate any
>> activity back from the consumer to the master, i.e.
>> a proxy login.
>>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
More information about the Fedora-directory-users
mailing list