Tony Earnshaw wrote:
"Doesn't work" means that I get tag=103 err=10 in the consumer log (loglevel 256), the client gets a referral. No clients on the consumer other than Samba tools understand this, so referrals aren't followed by them.
snip...
I tried to go to pains to point out that the second config stanzas *work*
I could feel your pain, but I just tried, and adding rebind as user stuff didn't alter the behavior I could experience: it worked for authenticated operations, and it didn't for anonymous, unless explicitly letting them thru as already explained.
It's no good telling me that chain-rebind-as-user is useless, when:
Useless in that context. It is useful when automatically chasing referrals, and when idassert is not used.
1: it's documented - though without an explanation - in SLAPO-CHAIN, and
I'll remove it from the examples, since it appears to cause more trouble than necessary.
2: it works ("works" means the referral from the slave is accepted and passed to the master, while a config without it doesn't).
Well, it doesn't here. I suspect the evil is in the details. You should provide producer and consumer slapd.conf, a minimal set of data and an example operation that shows the issue. Possibly thru the ITS, since if the behavior you complain abut is reproducible there's a bug.
p.
Ing. Pierangelo Masarati OpenLDAP Core Team
SysNet s.r.l. via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it --------------------------------------- Office: +39 02 23998309 Mobile: +39 333 4963172 Email: pierangelo.masarati@sys-net.it ---------------------------------------