Ulf Weltman wrote:
Richard Megginson wrote:
> ILoveJython wrote:
>
>> I have read the document:
>>
>> Howto:ChainOnUpdate - Fedora Directory Server
>> <
http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate>
>>
>> and have been unable to get it to work. When I attempt a write to
>> the consumer it makes the change on the
>> consumer and does not update the master.
>
>
>
> This is bad. If the consumer is configured to be a read only
> consumer you should not be able to make a change on it. You should
> either get a referral returned from the consumer to the client
> program which the client program will follow to make the change on
> the master, or, if chain on update is working, you will see the
> operation on the consumer and the same corresponding operation sent
> to the master.
>
>> With the next change on the master of any kind,
>> the mapping tree entry for this suffix changes from "nsslapd-state:
>> backend" to "nsslapd-state: referral on update".
>> Once this state changes, my client complains that it cannot update,
>> since it cannot follow referrals.
>
>
>
> Ulf, you've been able to get this running, right?
Yes, I was testing this a few weeks ago with the 7.1 release on
HP-UX. It was configured with the instructions in the wiki document
with a minor change to a malformed ACI (but that shouldn't cause this
problem):
http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&d...
There was also a minor issue with a spurious warning being logged. It
doesn't cause any harm, just an inconvenience:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293
Danney, can you paste us these entries from your consumer's dse.ldif?
dn: cn="{your replicated suffix}", cn=mapping tree, cn=config
dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config
dn: cn=config, cn=chaining database, cn=plugins, cn=config
dn: cn={name of your chaining backend}, cn=chaining database,
cn=plugins, cn=config
In the fourth one you can blank out the "nsmultiplexorcredentials"
value before you send it.
>
>>
>> In addition, there are no log entries on the master to indicate any
>> activity back from the consumer to the master, i.e.
>> a proxy login.
>>
>> ------------------------------------------------------------------------
>>
>>
>> --
>> Fedora-directory-users mailing list
>> Fedora-directory-users(a)redhat.com
>>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
When I could not get it to work, I removed everything. I repeated the process with the
values I used and they are below.
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
dn: cn=chaining database,cn=plugins,cn=config
cn: chaining database
nsslapd-pluginDescription: LDAP chaining backend database plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: chaining database
nsslapd-pluginInitfunc: chaining_back_init
nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so
nsslapd-pluginType: database
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginVersion: 7.1
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20051220230831Z
modifyTimestamp: 20051220230831Z
numSubordinates: 4
dn: cn=CDE,cn=chaining database,cn=plugins,cn=config
nschecklocalaci: on
nsslapd-suffix: ou=CDE,o=FSL
objectClass: top
objectClass: extensibleObject
nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config
nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL
cn: CDE
nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104162022Z
modifyTimestamp: 20060104162022Z