Hello,
I have been trying to configure my slave ldap servers to send changes to the master servers.
From what I have been able to understand from previous mailing lists and various google searches I need to configure and olcUpdateref on the salve and then add the chaining overlay (I think it should be on the olcDatabase{-1}frontend database from everything
I have read however slaptest using openldap-2.4.36 slapd-chain2.conf as the seed generates the overlay atop of the declared database…)
Everything I have been trying results in a failure:
ldap_modify: Server is unwilling to perform (53)
additional info: operation restricted
I cannot for the life of me figure out what needs to be done to enable this.
Any help would be appreciated, my ldifs are included below.
-Russell J. Jancewicz
University of Connecticut
dn: olcDatabase={1}mdb,cn=config
…
olcUpdateref: ldap://master.example.com
…
dn: olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: FALSE
dn: olcDatabase=ldap,olcOverlay={0}chain,olcDatabase={-1}frontend,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: ldap
olcDbURI: "ldap://master.example.com"
olcDbStartTLS: start starttls=no
olcDbIDAssertBind: mode=self flags=prescriptive,proxy-authz-non-critical bindmethod=simple timeout=0 network-timeout=0 binddn="cn=admin,dc=example,dc=com" credentials="<SECRET>" keepalive=0:0:0
olcDbIDAssertAuthzFrom: *
olcDbRebindAsUser: FALSE
olcDbChaseReferrals: TRUE
olcDbTFSupport: no
olcDbProxyWhoAmI: FALSE
olcDbProtocolVersion: 3
olcDbSingleConn: FALSE
olcDbCancel: abandon
olcDbUseTemporaryConn: FALSE
olcDbConnectionPoolMax: 16
olcDbSessionTrackingRequest: FALSE
olcDbNoRefs: FALSE
olcDbNoUndefFilter: FALSE
olcDbOnErr: continue
olcDbKeepalive: 0:0:0