[Fedora-directory-users] Chain On Update problem

Richard Megginson rmeggins at redhat.com
Wed Jan 4 18:11:58 UTC 2006 

Hmm - there are two entries for

dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config

That's bad.  In addition, there is only 1 nsslapd-backend for that 
suffix - there should be two - one for the 'local' backend which is the 
replica of the master, and one for the chaining backend. e.g. 
nsslapd-backend: userRoot
Only the chaining backend is there.

ILoveJython wrote:

>Ulf Weltman wrote:
>
>  
>
>>Richard Megginson wrote:
>>
>>    
>>
>>>ILoveJython wrote:
>>>
>>>      
>>>
>>>>I have read the document:
>>>>
>>>>Howto:ChainOnUpdate - Fedora Directory Server
>>>><http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate>
>>>>
>>>>and have been unable to get it to work. When I attempt a write to
>>>>the consumer it makes the change on the
>>>>consumer and does not update the master.
>>>>        
>>>>
>>>
>>>This is bad.  If the consumer is configured to be a read only
>>>consumer you should not be able to make a change on it.  You should
>>>either get a referral returned from the consumer to the client
>>>program which the client program will follow to make the change on
>>>the master, or, if chain on update is working, you will see the
>>>operation on the consumer and the same corresponding operation sent
>>>to the master.
>>>
>>>      
>>>
>>>>With the next change on the master of any kind,
>>>>the mapping tree entry for this suffix changes from "nsslapd-state:
>>>>backend" to "nsslapd-state: referral on update".
>>>>Once this state changes, my client complains that it cannot update,
>>>>since it cannot follow referrals.
>>>>        
>>>>
>>>
>>>Ulf, you've been able to get this running, right?
>>>      
>>>
>>Yes, I was testing this a few weeks ago with the 7.1 release on
>>HP-UX.  It was configured with the instructions in the wiki document
>>with a minor change to a malformed ACI (but that shouldn't cause this
>>problem):
>>http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794
>>
>>
>>There was also a minor issue with a spurious warning being logged.  It
>>doesn't cause any harm, just an inconvenience:
>>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293
>>
>>Danney, can you paste us these entries from your consumer's dse.ldif?
>>dn: cn="{your replicated suffix}", cn=mapping tree, cn=config
>>dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config
>>dn: cn=config, cn=chaining database, cn=plugins, cn=config
>>dn: cn={name of your chaining backend}, cn=chaining database,
>>cn=plugins, cn=config
>>
>>In the fourth one you can blank out the "nsmultiplexorcredentials"
>>value before you send it.
>>
>>    
>>
>>>>In addition, there are no log entries on the master to indicate any
>>>>activity back from the consumer to the master, i.e.
>>>>a proxy login.
>>>>
>>>>------------------------------------------------------------------------
>>>>
>>>>
>>>>-- 
>>>>Fedora-directory-users mailing list
>>>>Fedora-directory-users at redhat.com
>>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>> 
>>>>
>>>>        
>>>>
>>>------------------------------------------------------------------------
>>>
>>>-- 
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users at redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>> 
>>>
>>>      
>>>
>>-- 
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>    
>>
>
>When I could not get it to work, I removed everything. I repeated the process with the
>values I used and they are below.
>
>dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
>objectClass: top
>objectClass: extensibleObject
>objectClass: nsMappingTree
>nsslapd-state: backend
>cn: "ou=CDE,o=FSL"
>cn: ou=CDE,o=FSL
>nsslapd-parent-suffix: "o=FSL"
>nsslapd-backend: CDE
>creatorsName: cn=directory manager
>modifiersName: cn=directory manager
>createTimestamp: 20060104155644Z
>modifyTimestamp: 20060104164545Z
>nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
>nsslapd-distribution-funct: repl_chain_on_update
>numSubordinates: 1
>nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
>
>
>
>dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
>objectClass: top
>objectClass: extensibleObject
>objectClass: nsMappingTree
>nsslapd-state: backend
>cn: "ou=CDE,o=FSL"
>cn: ou=CDE,o=FSL
>nsslapd-parent-suffix: "o=FSL"
>nsslapd-backend: CDE
>creatorsName: cn=directory manager
>modifiersName: cn=directory manager
>createTimestamp: 20060104155644Z
>modifyTimestamp: 20060104164545Z
>nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
>nsslapd-distribution-funct: repl_chain_on_update
>numSubordinates: 1
>nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
>
>
>
>dn: cn=chaining database,cn=plugins,cn=config
>cn: chaining database
>nsslapd-pluginDescription: LDAP chaining backend database plugin
>nsslapd-pluginEnabled: on
>nsslapd-pluginId: chaining database
>nsslapd-pluginInitfunc: chaining_back_init
>nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so
>nsslapd-pluginType: database
>nsslapd-pluginVendor: Fedora Project
>nsslapd-pluginVersion: 7.1
>objectClass: top
>objectClass: nsSlapdPlugin
>objectClass: extensibleObject
>creatorsName: cn=directory manager
>modifiersName: cn=directory manager
>createTimestamp: 20051220230831Z
>modifyTimestamp: 20051220230831Z
>numSubordinates: 4
>
>
>
>dn: cn=CDE,cn=chaining database,cn=plugins,cn=config
>nschecklocalaci: on
>nsslapd-suffix: ou=CDE,o=FSL
>objectClass: top
>objectClass: extensibleObject
>nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config
>nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL
>cn: CDE
>nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE
>creatorsName: cn=directory manager
>modifiersName: cn=directory manager
>createTimestamp: 20060104162022Z
>modifyTimestamp: 20060104162022Z
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060104/746d008f/attachment.bin>

More information about the Fedora-directory-users mailing list