Unfortunately, I think the spec is broken here. There's no way for the consumer to record the references it receives, because they're not accompanied by the DN of the entry that triggered the reference. It would have made more sense for the provider to send the references uninterpreted, as regular LDAP entries.
Any suggestions?
-------- Original Message -------- Subject: Re: (ITS#5881) referral problem with refreshAndPersist mode Date: Sat, 24 Jan 2009 05:12:08 GMT From: hyc@symas.com To: openldap-its@openldap.org
joao.alfredo@gmail.com wrote:
Full_Name: João Alfredo Version: 2.4.13 OS: Debian Lenny URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (200.189.117.10)
I am using a refreshAndPersist replication mode on OpenLdap 2.4.13.
When I add referral OU on Master, this entrie is not replicate to Consumer.
My test.ldif: dn: ou=MUNICIPIOS,dc=pr ou: MUNICIPIOS ref: ldap://<IP>/ou=MUNICIPIOS,dc=pr objectClass: referral objectClass: extensibleObject dc: MUNICIPIOS
Logs on consumer side: Jan 8 17:50:15 ecelepar10173 slapd[2722]: do_syncrep2: rid=000 reference received error
Interesting, you've found a bug that has been present since syncrepl's code was first written in 2003. The syncrepl code assumes that it will only receive LDAP entries from the provider. But according to RFC4533, references are supposed to be sent as-is and stored by the consumer. The syncprov overlay obeys the spec and sends references correctly.