Hi, I have:
- an LDAP referral server, openldap-2.4.16, compiled with ./configure --prefix= --enable-overlays --enable-ppolicy --enable-rwm --enable-bdb --enable-crypt
- a replica, openldap 2.3.27-8.el5_1.3

When I try to change a password for a customer, for the referral I have in the log file:

May 25 10:52:38 ldap-v000 slapd[26539]: conn=0 fd=15 ACCEPT from IP=10.xxx.xx.xx:56813 (IP=0.0.0.0:389)
May 25 10:52:38 ldap-v000 slapd[26539]: connection_get(15)
May 25 10:52:38 ldap-v000 slapd[26539]: connection_get(15): got connid=0
May 25 10:52:38 ldap-v000 slapd[26539]: connection_read(15): checking for input on id=0
May 25 10:52:38 ldap-v000 slapd[26539]: daemon: activity on 1 descriptor
May 25 10:52:38 ldap-v000 slapd[26539]: daemon: activity on:

And the referral does nothing else.

For the replica I have in the log file:

May 25 09:35:19 ldap-v01 slapd[5535]: daemon: listen=10, new connection on 21
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: added 21r
May 25 09:35:19 ldap-v01 slapd[5535]: conn=10 fd=21 ACCEPT from IP=10.xxx.xx.xx:46412 (IP=0.0.0.0:636)
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=7 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=8 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=9 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=10 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: activity on 1 descriptor
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: activity on:
May 25 09:35:19 ldap-v01 slapd[5535]: 21r
May 25 09:35:19 ldap-v01 slapd[5535]:
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: read active on 21
May 25 09:35:19 ldap-v01 slapd[5535]: connection_get(21)
May 25 09:35:19 ldap-v01 slapd[5535]: connection_get(21): got connid=10
May 25 09:35:19 ldap-v01 slapd[5535]: connection_read(21): checking for input on id=10
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=7 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=8 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=9 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=10 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: activity on 1 descriptor
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: activity on:
May 25 09:35:19 ldap-v01 slapd[5535]: 21r
May 25 09:35:19 ldap-v01 slapd[5535]:
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: read active on 21
May 25 09:35:19 ldap-v01 slapd[5535]: connection_get(21)
May 25 09:35:19 ldap-v01 slapd[5535]: connection_get(21): got connid=10
May 25 09:35:19 ldap-v01 slapd[5535]: connection_read(21): checking for input on id=10
May 25 09:35:19 ldap-v01 slapd[5535]: connection_read(21): unable to get TLS client DN, error=49 id=10
May 25 09:35:19 ldap-v01 slapd[5535]: conn=10 fd=21 TLS established tls_ssf=256 ssf=256
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=7 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=8 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=9 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=10 active_threads=0 tvp=NULL
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: activity on 1 descriptor
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: activity on:
May 25 09:35:19 ldap-v01 slapd[5535]: 21r
May 25 09:35:19 ldap-v01 slapd[5535]:
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: read active on 21
May 25 09:35:19 ldap-v01 slapd[5535]: connection_get(21)
May 25 09:35:19 ldap-v01 slapd[5535]: connection_get(21): got connid=10
May 25 09:35:19 ldap-v01 slapd[5535]: connection_read(21): checking for input on id=10
May 25 09:35:19 ldap-v01 slapd[5535]: ber_get_next on fd 21 failed errno=11 (Resource temporarily unavailable)
May 25 09:35:19 ldap-v01 slapd[5535]: daemon: select: listen=7 active_threads=0 tvp=NULL
May 25 09:35:20 ldap-v01 slapd[5535]: daemon: select: listen=8 active_threads=0 tvp=NULL
May 25 09:35:20 ldap-v01 slapd[5535]: daemon: select: listen=9 active_threads=0 tvp=NULL
May 25 09:35:20 ldap-v01 slapd[5535]: daemon: select: listen=10 active_threads=0 tvp=NULL
May 25 09:35:20 ldap-v01 slapd[5535]: daemon: activity on 1 descriptor
May 25 09:35:20 ldap-v01 slapd[5535]: daemon: activity on:

The response is (Resource temporarily unavailable).

The customer is waiting for an answer:

$ passwd
Changing password for user myname.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:

conf file slapd.conf, replica:

updatedn "cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr"
updateref "ldap://10.xxx.xx.xx"

conf file slapd.conf, referral:

replica uri=ldap://ldap-v01.mydomain:389/
        binddn="cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr"
        bindmethod=simple credentials=xxxxx

conf file slapd.conf, for both the referral and the replica:

# allow the world read access
access to *
        by dn="cn=Manager,dc=mydomain,dc=mydomain2,dc=fr" write
        by dn="cn=samba,dc=mydomain,dc=mydomain2,dc=fr" write
        by dn="cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr" read
        by self write
        by * read
# access to attrs=userPassword
        by dn="cn=Manager,dc=mydomain,dc=mydomain2,dc=fr" write
        by dn="cn=samba,dc=mydomain,dc=mydomain2,dc=fr" write
        by self write
        by * none

Can anybody help me?

--On Monday, May 25, 2009 11:19 AM +0200 paulpierre.brun@free.fr wrote:
> Hi, I have:
> - an LDAP referral server, openldap-2.4.16, compiled with ./configure --prefix= --enable-overlays --enable-ppolicy --enable-rwm --enable-bdb --enable-crypt
> - a replica, openldap 2.3.27-8.el5_1.3
>
> When I try to change a password for a customer, for the referral I have in the log file:
>
> May 25 10:52:38 ldap-v000 slapd[26539]: conn=0 fd=15 ACCEPT from IP=10.xxx.xx.xx:56813 (IP=0.0.0.0:389)
> May 25 10:52:38 ldap-v000 slapd[26539]: connection_get(15)
> May 25 10:52:38 ldap-v000 slapd[26539]: connection_get(15): got connid=0
> May 25 10:52:38 ldap-v000 slapd[26539]: connection_read(15): checking for input on id=0
> May 25 10:52:38 ldap-v000 slapd[26539]: daemon: activity on 1 descriptor
> May 25 10:52:38 ldap-v000 slapd[26539]: daemon: activity on:
>
> And the referral does nothing else.

I see several potential issues here.
(a) OpenLDAP 2.3 support for being a 2.4 replica wasn't added until around OpenLDAP 2.3.40, so you can't even do what you're trying to do.
(b) It looks like you are trying to use slurpd replication from 2.4 to 2.3, which isn't going to work given that slurpd was removed from OpenLDAP 2.4.
(c) You're writing changes to the replica, which *correctly* returns a referral to the master. If you don't want this to happen, set up slapo-chain to chain writes from the replica back up to the master.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
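
Added illustration of point (c) in the reply above, not part of the original thread: a replica-side slapd.conf fragment that enables slapo-chain so writes sent to the replica are forwarded to the master instead of returned to the client as a referral. The master host name, the proxy DN cn=chain_proxy and the credentials are hypothetical placeholders; the suffix is the one shown in the question.

```conf
# Added example, not from the thread. Replica-side slapd.conf, global section
# (before the first "database" line) so referrals from any database are chased.

# Needed only when back-ldap is built as a loadable module (assumption):
# moduleload back_ldap

overlay              chain

# Master that holds the writable copy (placeholder host name).
chain-uri            "ldap://master.example.invalid"

# Identity the replica uses when it connects to the master.
# mode="self" asserts the DN of the client that sent the write, so the
# master's own ACLs (for example "by self write" on userPassword) still
# decide whether the change is allowed.
chain-idassert-bind  bindmethod="simple"
                     binddn="cn=chain_proxy,dc=mydomain,dc=mydomain2,dc=fr"
                     credentials="CHANGE_ME"
                     mode="self"

# The bind above is a simple bind: protect it with StartTLS so the proxy
# password and the new user password do not cross the network in clear.
chain-tls            start

# Return the master's error to the client if chaining fails, rather than
# falling back to the referral.
chain-return-error   TRUE

# --- Master side, shown as comments because it lives on the other server ---
# Global slapd.conf on the master must permit proxy authorization:
#   authz-policy to
# and the proxy entry must list whom it may act for (hypothetical pattern):
#   dn: cn=chain_proxy,dc=mydomain,dc=mydomain2,dc=fr
#   authzTo: dn.regex:^uid=[^,]+,ou=[^,]+,dc=mydomain,dc=mydomain2,dc=fr$
# Keep the authzTo pattern as narrow as the directory layout allows: any DN
# it matches can be impersonated by whoever holds the proxy credentials.
```

This only takes effect once the replication issues raised in points (a) and (b) of the reply are resolved.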