I actually ran the following command:

sudo ldapmodify -x -D'cn=admin,dc=domain,dc=tld' -W -f idx.ldif

idx.ldif is just a simple olcDbIndex for testing purpose as such:

dn: olcDatabase={1}hdb,cn=config changetype: modify add: olcDbIndex # posixAccount olcDbIndex: cn eq

M.L.

On Thursday, November 21, 2013 8:34 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:

--On Thursday, November 21, 2013 11:09 AM -0800 ML mail

mlnospam@yahoo.com wrote:

Hello,

I am using two OpenLDAP 2.4.31 servers with delta-syncrepl as replication method. So far everything works perfectly but I was wondering how I can modify cn=config settings on the consumer. For instance I would like to add new indexes (olcDbIndex) on the consumer to my replicated HDB database but this fails as you can see here:

ldap_modify: Server is unwilling to perform (53)     additional info: shadow context; no update referral

What ldapmodify command did you actually run?

--Quanah

--

Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra ::  the leader in open source messaging and collaboration

After checking the whole cn=config I found that I have 2 olcRootDNs:

dn: olcDatabase={0}config,cn=config olcRootDN: cn=admin,cn=config

dn: olcDatabase={1}hdb,cn=config olcRootDN: cn=admin,dc=domain,dc=tld

I presume you mean the first olcRootDN of the cn=config right? because I can't use that one as I don't have any password set for it. How can I use it?

I also tried to use ldapi:// as root like this:

sudo ldapmodify -Y EXTERNAL -H ldapi:/// -f idx.ldif

but that did not work neither.

Thanks, M.L.

On Thursday, November 21, 2013 9:24 PM, Quanah Gibson-Mount quanah@zimbra.com wrote:

--On Thursday, November 21, 2013 11:44 AM -0800 ML mail mlnospam@yahoo.com wrote:

I actually ran the following command:

sudo ldapmodify -x -D'cn=admin,dc=domain,dc=tld' -W -f idx.ldif

This does not look like the rootdn for the cn=config db.

--Quanah

--

Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra ::  the leader in open source messaging and collaboration

Well actually I am using nearly the same configuration as explained on openldap.org: http://www.openldap.org/doc/admin24/replication.html#Delta-syncrepl

The only thing I have added is the replication of the cn=schema,cn=config so that I don't need to keep schemas in sync myself:

dn: olcDatabase={0}config,cn=config changetype: modify add: olcAccess olcAccess: to dn.subtree="cn=schema,cn=config" by dn="cn=replicator,ou=ldapusers,dc=domain,dc=tld" read

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config changetype: add objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: syncprov

So maybe the problem resides somewhere in these few additional lines. Do you see anything wrong here or anything to correct?

Thanks M.L.

On Thursday, November 21, 2013 9:22 PM, Christian Kratzer ck-lists@cksoft.de wrote:

Hi,

On Thu, 21 Nov 2013, ML mail wrote:

Hello,

I am using two OpenLDAP 2.4.31 servers with delta-syncrepl as replication method. So far everything works perfectly but I was wondering how I can modify cn=config settings on the consumer. For instance I would like to add new indexes (olcDbIndex) on the consumer to my replicated HDB database but this fails as you can see here:

ldap_modify: Server is unwilling to perform (53)     additional info: shadow context; no update referral

I understand that it does not want me to modify any settings on my consumer but I was thinking this should be possible no? If not this means if I want to change a setting on the consumer I need to delete my whole database on the consumer configure it and add replication again.

Looks like you are you also replicating cn=config.

It appears you have 3 options:

1) Do not replicate cn=config and allow individual changes at each node.

2) Replicate cn=config to all servers and modify cn=config on the provider.

3) Use multimaster replication or configure referrals and perhaups   chaining to allow changes on each node.

Greetings Christian