Hi all,
Although I've figured out the basics of synchronization between providers and consumers, I'm not yet clear about one aspect from the client's perspective.
In particular, if you've set up an LDAP consumer server with a synchronized, read-only copy of the DIT to service a particular group of clients, and you've configured those clients* to use that consumer server for all of their directory queries, how do those clients know where to find the correct provider in case it becomes necessary for them to write to the DIT (e.g. to change a password)?
Thanks,
Jaap
*) With the URI option in /etc/ldap/ldap.conf
Jaap Winius jwinius@umrk.nl writes:
Hi all,
Although I've figured out the basics of synchronization between providers and consumers, I'm not yet clear about one aspect from the client's perspective.
In particular, if you've set up an LDAP consumer server with a synchronized, read-only copy of the DIT to service a particular group of clients, and you've configured those clients* to use that consumer server for all of their directory queries, how do those clients know where to find the correct provider in case it becomes necessary for them to write to the DIT (e.g. to change a password)?
Clients trying to write to a consumer get a referral response, which is defined as updateref in slapd,conf. But quite q few clients don't know how to handle referrals, for this you may configure slapdo-chain(5).
-Dieter
On Tuesday, 22 December 2009 14:57:14 Dieter Kluenter wrote:
Jaap Winius jwinius@umrk.nl writes:
Hi all,
Although I've figured out the basics of synchronization between providers and consumers, I'm not yet clear about one aspect from the client's perspective.
In particular, if you've set up an LDAP consumer server with a synchronized, read-only copy of the DIT to service a particular group of clients, and you've configured those clients* to use that consumer server for all of their directory queries, how do those clients know where to find the correct provider in case it becomes necessary for them to write to the DIT (e.g. to change a password)?
Clients trying to write to a consumer get a referral response, which is defined as updateref in slapd,conf. But quite q few clients don't know how to handle referrals,
The most important ones (pam_ldap, samba) do.
Regards, Buchan
openldap-technical@openldap.org
-
Buchan Milne -
Dieter Kluenter -
Jaap Winius