[Fedora-directory-users] Problem with referrals

[Russell Miller]

I am working on a fairly simple DS system - one master and about 12
replication slaves.  I didn't go multimaster because we don't have enough
servers to justify that... but anyway.

We've had a consistent problem for years with password changing - which I'm
trying to fix.  It used to be that changing passwords simply didn't work.  I
rebuilt the whole infrastructure to refer back to the replication master and
added pam_password exop to the ldap.conf files.  Now changing passwords
works... sort of.  When changing a password, it prompts for the password and
the new password, and dutifully changes it on the server, gets the referral
back, tries to follow it - and the server says "invalid credentials" and
refuses to do the change.  So I end up with our servers out of sync - the
new password on the slave server and the old server still thinking it has
the old password.  Obviously that's not acceptable.

I tried exop_send_old, it doesn't do any better.  I'm running the latest
version of nss_ldap.  Anyone have any suggestions as to why the slave
servers are allowing the credentials but the master isn't?

Thanks,

--Russell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20080813/13ceb2cc/attachment.html>