[Fedora-directory-users] Chain On Update problem
ILoveJython
danney.jarman at gmail.com
Wed Jan 4 17:10:42 UTC 2006
Ulf Weltman wrote:
> Richard Megginson wrote:
>
>> ILoveJython wrote:
>>
>>> I have read the document:
>>>
>>> Howto:ChainOnUpdate - Fedora Directory Server
>>> <http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate>
>>>
>>> and have been unable to get it to work. When I attempt a write to
>>> the consumer it makes the change on the
>>> consumer and does not update the master.
>>
>>
>>
>> This is bad. If the consumer is configured to be a read only
>> consumer you should not be able to make a change on it. You should
>> either get a referral returned from the consumer to the client
>> program which the client program will follow to make the change on
>> the master, or, if chain on update is working, you will see the
>> operation on the consumer and the same corresponding operation sent
>> to the master.
>>
>>> With the next change on the master of any kind,
>>> the mapping tree entry for this suffix changes from "nsslapd-state:
>>> backend" to "nsslapd-state: referral on update".
>>> Once this state changes, my client complains that it cannot update,
>>> since it cannot follow referrals.
>>
>>
>>
>> Ulf, you've been able to get this running, right?
>
>
> Yes, I was testing this a few weeks ago with the 7.1 release on
> HP-UX. It was configured with the instructions in the wiki document
> with a minor change to a malformed ACI (but that shouldn't cause this
> problem):
> http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794
>
>
> There was also a minor issue with a spurious warning being logged. It
> doesn't cause any harm, just an inconvenience:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293
>
> Danney, can you paste us these entries from your consumer's dse.ldif?
> dn: cn="{your replicated suffix}", cn=mapping tree, cn=config
> dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config
> dn: cn=config, cn=chaining database, cn=plugins, cn=config
> dn: cn={name of your chaining backend}, cn=chaining database,
> cn=plugins, cn=config
>
> In the fourth one you can blank out the "nsmultiplexorcredentials"
> value before you send it.
>
>>
>>>
>>> In addition, there are no log entries on the master to indicate any
>>> activity back from the consumer to the master, i.e.
>>> a proxy login.
>>>
>>> ------------------------------------------------------------------------
>>>
>>>
>>> --
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>> ------------------------------------------------------------------------
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
When I could not get it to work, I removed everything. I repeated the process with the
values I used and they are below.
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
dn: cn=chaining database,cn=plugins,cn=config
cn: chaining database
nsslapd-pluginDescription: LDAP chaining backend database plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: chaining database
nsslapd-pluginInitfunc: chaining_back_init
nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so
nsslapd-pluginType: database
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginVersion: 7.1
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20051220230831Z
modifyTimestamp: 20051220230831Z
numSubordinates: 4
dn: cn=CDE,cn=chaining database,cn=plugins,cn=config
nschecklocalaci: on
nsslapd-suffix: ou=CDE,o=FSL
objectClass: top
objectClass: extensibleObject
nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config
nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL
cn: CDE
nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104162022Z
modifyTimestamp: 20060104162022Z
More information about the Fedora-directory-users
mailing list