Re: LDAP password information update failed: Server is unwilling to perform shadow context; no update referral

Thanks for answer,

With updateref after syncrepl slave slapd.conf

syncrepl rid=000 provider=ldap://ldap-v000 type=refreshAndPersist retry="5 5 300 +" searchbase="dc=mydomain,dc=mydomain2,dc=fr" attrs="*,+" bindmethod=simple binddn="cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr" credentials=secret

updateref "ldap://ldap-v000/"

master slapd.conf access to attrs=userPassword by dn="cn=Manager,dc=mydomain,dc=mydomain2,dc=fr" write by dn="cn=samba,dc=mydomain,dc=mydomain2,dc=fr" write by dn.base="cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr" write by self write by * none

I have LDAP password information update failed: Referral

passwd Changing password for user paul-pierre.brun. Enter login(LDAP) password: New UNIX password: Retype new UNIX password: LDAP password information update failed: Referral

passwd: Permission denied

Nothing in master ldap log

In slave ldap log

Jun 5 12:51:34 ldap-v002 slapd[18734]: conn=2 op=2 SRCH base="dc=mydomain,dc=mydomain2,dc=fr" scope=2 deref=0 filter="(&(objectClass=ipHost)(cn=ldap-v000))" Jun 5 12:51:35 ldap-v002 slapd[18734]: conn=2 op=2 SRCH attr=cn ipHostNumber Jun 5 12:51:35 ldap-v002 slapd[18734]: ==> limits_get: conn=2 op=2 self="[anonymous]" this="dc=mydomain,dc=mydomain2,dc=fr" Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_search Jun 5 12:51:35 ldap-v002 slapd[18734]: bdb_dn2entry("dc=mydomain,dc=mydomain2,dc=fr") Jun 5 12:51:35 ldap-v002 slapd[18734]: => access_allowed: search access to "dc=mydomain,dc=mydomain2,dc=fr" "entry" requested Jun 5 12:51:35 ldap-v002 slapd[18734]: => acl_get: [1] attr entry Jun 5 12:51:35 ldap-v002 slapd[18734]: => slap_access_allowed: result not in cache (entry) Jun 5 12:51:35 ldap-v002 slapd[18734]: => acl_mask: access to entry "dc=mydomain,dc=mydomain2,dc=fr", attr "entry" requested Jun 5 12:51:35 ldap-v002 slapd[18734]: => acl_mask: to all values by "", (=0) Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: cn=manager,dc=mydomain,dc=mydomain2,dc=fr Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: cn=samba,dc=mydomain,dc=mydomain2,dc=fr Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: cn=replication_ldap,dc=mydomain,dc=mydomain2,dc=fr Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: self Jun 5 12:51:35 ldap-v002 slapd[18734]: <= check a_dn_pat: * Jun 5 12:51:35 ldap-v002 slapd[18734]: <= acl_mask: [5] applying read(=rscxd) (stop) Jun 5 12:51:35 ldap-v002 slapd[18734]: <= acl_mask: [5] mask: read(=rscxd) Jun 5 12:51:35 ldap-v002 slapd[18734]: => slap_access_allowed: search access granted by read(=rscxd) Jun 5 12:51:35 ldap-v002 slapd[18734]: => access_allowed: search access granted by read(=rscxd) Jun 5 12:51:35 ldap-v002 slapd[18734]: search_candidates: base="dc=mydomain,dc=mydomain2,dc=fr" (0x00000001) scope=2 Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_dn2idl("dc=mydomain,dc=mydomain2,dc=fr") Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates Jun 5 12:51:35 ldap-v002 slapd[18734]: AND Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_list_candidates 0xa0 Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates Jun 5 12:51:35 ldap-v002 slapd[18734]: OR Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_list_candidates 0xa1 Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates Jun 5 12:51:35 ldap-v002 slapd[18734]: EQUALITY Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_equality_candidates (objectClass) Jun 5 12:51:35 ldap-v002 slapd[18734]: => key_read Jun 5 12:51:35 ldap-v002 slapd[18734]: bdb_idl_fetch_key: [b49d1940] Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_index_read: failed (-30989) Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_equality_candidates: id=0, first=0, last=0 Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_filter_candidates: id=0 first=0 last=0 Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates Jun 5 12:51:35 ldap-v002 slapd[18734]: AND Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_list_candidates 0xa0 Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_filter_candidates Jun 5 12:51:35 ldap-v002 slapd[18734]: EQUALITY Jun 5 12:51:35 ldap-v002 slapd[18734]: => bdb_equality_candidates (objectClass) Jun 5 12:51:35 ldap-v002 slapd[18734]: => key_read Jun 5 12:51:35 ldap-v002 slapd[18734]: bdb_idl_fetch_key: [7ec2180d] Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_index_read 6 candidates Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_equality_candidates: id=6, first=15, last=21 Jun 5 12:51:35 ldap-v002 slapd[18734]: <= bdb_filter_candidates: id=6 first=15 last=21 Jun 5 12:51:36 ldap-v002 slapd[18734]: => bdb_filter_candidates Jun 5 12:51:36 ldap-v002 slapd[18734]: EQUALITY Jun 5 12:51:36 ldap-v002 slapd[18734]: => bdb_equality_candidates (cn)

Regards

----- Mail Original ----- De: masarati@aero.polimi.it À: "paulpierre brun" paulpierre.brun@free.fr Cc: openldap-technical@openldap.org Envoyé: Jeudi 4 Juin 2009 17h03:05 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: Re: LDAP password information update failed: Server is unwilling to perform shadow context; no update referral

Objet: LDAP password information update failed: Server is unwilling to perform shadow context; no update referral

Hello, I try to change password on customer, to a referal thru a overlay chain config. I have answer LDAP password information update failed: Server is unwilling to perform. OS REDHAT 5.2. openldap openldap-2.4.16

could you help me ?

The message looks pretty self explanatory. You don't post the whole config, so it's hard to tell, but the database the update is trying to modify should contain an "updateref" statement, and according to the error message this is not present. slapo-chain(5) can chain databases by chasing referrals only when referrals are returned.

p.