Hi, I want to establish communication between two ldap servers at different machines. For this i have used "ref attribute of ldap" by using this attribute, i am able to retrieve entries of second ldap server. Means i can read or search entries of second server from first ldap server. But the problem comes when i want to modify any attribute of an entry of second server from the first server. Definitely i am having some access permissions related error. Here i am attaching slapd.conf files of both ldap servers. *First Server* *slapd.conf:* # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/gfsUserManage.schema include /usr/local/etc/openldap/schema/gfsFileMetaData.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /usr/local/var/run/slapd.pid argsfile /usr/local/var/run/slapd.args # Load dynamic backend modules: # modulepath /usr/local/libexec/openldap # moduleload back_bdb.la # moduleload back_ldap.la # moduleload back_ldbm.la # moduleload back_passwd.la # moduleload back_shell.la # Sample access control policy: # Root DSE: allow anyone to write it # Subschema (sub)entry DSE: allow anyone to write it #Other DSEs: allow update_anon # Allow * write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: access to * by * write ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=cdac,dc=in" rootdn "cn=Manager,dc=cdac,dc=in" rootpw secret index objectClass eq *access to * by * write* -------------------------------------------------------------------------------------------------------------------------------- *Second server's slapd.conf:* # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/gfsUserManage.schema include /usr/local/etc/openldap/schema/gfsFileMetaData.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. pidfile /usr/local/var/run/slapd.pid argsfile /usr/local/var/run/slapd.args ####################################################################### # BDB database definitions ####################################################################### database bdb suffix "dc=cdac,dc=in" rootdn "cn=Manager,dc=cdac,dc=in" rootpw secret directory /usr/local/var/gfsMetaData index objectClass eq *access to * by * write* ----------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------------------------- *FIRST LADP SERVER DN*: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in where *test_ref* is having *ref* attribute dn: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in objectClass: referral objectClass: extensibleObject fn: test_ref ref: ldap://192.168.5.243/fn=test_ref,dc=cdac,dc=in *NOW SECOND LDAP SERVER is having DN*: dn: fn=test1,fn=test_ref,dc=cdac,dc=in Now i want to delete "*fn=test1,fn=test_ref,dc=cdac,dc=in*" this entry. I have used ldap command line tool "*ldapdelete*" and executed this tool on *first LDAP machine*. Then the result of command is: **[root@tapti LDIF]# ldapdelete -x -h "tapti" -D "cn=Manager,dc=cdac,dc=in" \"fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in" -w "secret" ldap_delete: Referral (10) matched DN: fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in referrals: ldap:// 192.168.5.243/fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in *And slapd debug statements:* do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt (m}) ber: <<< dnPrettyNormal: <cn=Manager,dc=cdac,dc=in>, <cn=manager,dc=cdac,dc=in> do_bind: version=3 dn="cn=Manager,dc=cdac,dc=in" method=128 do_bind: v3 bind: "cn=Manager,dc=cdac,dc=in" to "cn=Manager,dc=cdac,dc=in" send_ldap_result: conn=2 op=0 p=3 send_ldap_response: msgid=1 tag=97 err=0 ber_flush: 14 bytes to sd 11 connection_get(11): got connid=2 connection_read(11): checking for input on id=2 ber_get_next ber_get_next: tag 0x30 len 69 contents: ber_get_next do_delete ber_scanf fmt (m) ber: <fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in> <<< dnPrettyNormal: <fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in>, <fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in> bdb_dn2entry("fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in") => bdb_dn2id("fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in") <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990) bdb_referrals: op=74 target="fn=test1,fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in" matched="fn=test_ref,fn=bioinfo,fn=gstorage,fn=gfs,dc=cdac,dc=in" ldap_url_parse_ext(ldap://192.168.5.243/fn=test_ref,dc=cdac,dc=in) send_ldap_result: conn=2 op=1 p=3 send_ldap_response: msgid=2 tag=107 err=10 ber_flush: 160 bytes to sd 11 connection_get(11): got connid=2 connection_read(11): checking for input on id=2 ber_get_next ber_get_next: tag 0x30 len 5 contents: ber_get_next do_unbind connection_closing: readying conn=2 sd=11 for close connection_resched: attempting closing conn=2 sd=11 connection_close: conn=2 sd=11 * ----------------------------------------------------------------------------------------------------------------------------------------- * Please do me a favour suggest any solution as soon as possible through which i can update slave ldap server entries from master ldap server. -- Rakesh Yadav Pune.