Thanks for answer,
With updateref after syncrepl
slave slapd.conf
syncrepl rid=000
provider=ldap://ldap-v000
type=refreshAndPersist
retry="5 5 300 +"
searchbase="dc=mydomain,dc=mydomain2,dc=fr"
attrs="*,+"
bindmethod=simple
binddn="cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr"
credentials=secret
updateref "ldap://ldap-v000/"
master slapd.conf
access to attrs=userPassword
by dn="cn=Manager,dc=mydomain,dc=mydomain2,dc=fr" write
by dn="cn=samba,dc=mydomain,dc=mydomain2,dc=fr" write
by dn.base="cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr" write
by self write
by * none
I have LDAP password information update failed: Referral
passwd
Changing password for user paul-pierre.brun.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
LDAP password information update failed: Referral
passwd: Permission denied
Nothing in master ldap log
In slave ldap log
Jun 5 12:51:34 ldap-v002 slapd[18734]: conn=2 op=2 SRCH base="dc=mydomain,dc=mydomain2,dc=fr" scope=2 deref=0 filter="(&(objectClass=ipHost)(cn=ldap-v000))"
Jun 5 12:51:35 ldap-v002 slapd[18734]: conn=2 op=2 SRCH attr=cn ipHostNumber
Jun 5 12:51:35 ldap-v002 slapd[18734]: ==> limits_get: conn=2 op=2 self="[anonymous]" this="dc=mydomain,dc=mydomain2,dc=fr"
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_search
Jun 5 12:51:35 ldap-v002 slapd[18734]: bdb_dn2entry("dc=mydomain,dc=mydomain2,dc=fr")
Jun 5 12:51:35 ldap-v002 slapd[18734]: => access_allowed: search access to "dc=mydomain,dc=mydomain2,dc=fr" "entry" requested
Jun 5 12:51:35 ldap-v002 slapd[18734]: => acl_get: [1] attr entry
Jun 5 12:51:35 ldap-v002 slapd[18734]: => slap_access_allowed: result not in cache (entry)
Jun 5 12:51:35 ldap-v002 slapd[18734]: => acl_mask: access to entry "dc=mydomain,dc=mydomain2,dc=fr", attr "entry" requested
Jun 5 12:51:35 ldap-v002 slapd[18734]: => acl_mask: to all values by "", (=0)
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: cn=manager,dc=mydomain,dc=mydomain2,dc=fr
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: cn=samba,dc=mydomain,dc=mydomain2,dc=fr
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: self
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: *
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= acl_mask: [5] applying read(=rscxd) (stop)
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= acl_mask: [5] mask: read(=rscxd)
Jun 5 12:51:35 ldap-v002 slapd[18734]: => slap_access_allowed: search access granted by read(=rscxd)
Jun 5 12:51:35 ldap-v002 slapd[18734]: => access_allowed: search access granted by read(=rscxd)
Jun 5 12:51:35 ldap-v002 slapd[18734]: search_candidates: base="dc=mydomain,dc=mydomain2,dc=fr" (0x00000001) scope=2
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_dn2idl("dc=mydomain,dc=mydomain2,dc=fr")
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates
Jun 5 12:51:35 ldap-v002 slapd[18734]: AND
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_list_candidates 0xa0
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates
Jun 5 12:51:35 ldap-v002 slapd[18734]: OR
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_list_candidates 0xa1
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates
Jun 5 12:51:35 ldap-v002 slapd[18734]: EQUALITY
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_equality_candidates (objectClass)
Jun 5 12:51:35 ldap-v002 slapd[18734]: => key_read
Jun 5 12:51:35 ldap-v002 slapd[18734]: bdb_idl_fetch_key: [b49d1940]
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_index_read: failed (-30989)
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_equality_candidates: id=0, first=0, last=0
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_filter_candidates: id=0 first=0 last=0
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates
Jun 5 12:51:35 ldap-v002 slapd[18734]: AND
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_list_candidates 0xa0
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates
Jun 5 12:51:35 ldap-v002 slapd[18734]: EQUALITY
Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_equality_candidates (objectClass)
Jun 5 12:51:35 ldap-v002 slapd[18734]: => key_read
Jun 5 12:51:35 ldap-v002 slapd[18734]: bdb_idl_fetch_key: [7ec2180d]
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_index_read 6 candidates
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_equality_candidates: id=6, first=15, last=21
Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_filter_candidates: id=6 first=15 last=21
Jun 5 12:51:36 ldap-v002 slapd[18734]: => bdb_filter_candidates
Jun 5 12:51:36 ldap-v002 slapd[18734]: EQUALITY
Jun 5 12:51:36 ldap-v002 slapd[18734]: => bdb_equality_candidates (cn)
Regards
----- Mail Original -----
De: masarati(a)aero.polimi.it
À: "paulpierre brun" <paulpierre.brun(a)free.fr>
Cc: openldap-technical(a)openldap.org
Envoyé: Jeudi 4 Juin 2009 17h03:05 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne
Objet: Re: LDAP password information update failed: Server is unwilling to perform shadow context; no update referral
>
> Objet: LDAP password information update failed: Server is unwilling to
> perform shadow context; no update referral
>
>
> Hello,
> I try to change password on customer, to a referal thru a overlay chain
> config.
> I have answer LDAP password information update failed: Server is unwilling
> to perform.
> OS REDHAT 5.2.
> openldap openldap-2.4.16
>
> could you help me ?
The message looks pretty self explanatory. You don't post the whole
config, so it's hard to tell, but the database the update is trying to
modify should contain an "updateref" statement, and according to the error
message this is not present. slapo-chain(5) can chain databases by
chasing referrals only when referrals are returned.
p.