Ulf Weltman wrote:

> Richard Megginson wrote:
>> ILoveJython wrote:
>>> I have read the document:
>>> Howto:ChainOnUpdate - Fedora Directory Server
>>> <http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate>
>>> and have been unable to get it to work. When I attempt a write to
>>> the consumer it makes the change on the
>>> consumer and does not update the master.
>> This is bad.  If the consumer is configured to be a read only
>> consumer you should not be able to make a change on it.  You should
>> either get a referral returned from the consumer to the client
>> program which the client program will follow to make the change on
>> the master, or, if chain on update is working, you will see the
>> operation on the consumer and the same corresponding operation sent
>> to the master.
>>> With the next change on the master of any kind,
>>> the mapping tree entry for this suffix changes from "nsslapd-state:
>>> backend" to "nsslapd-state: referral on update".
>>> Once this state changes, my client complains that it cannot update,
>>> since it cannot follow referrals.
>> Ulf, you've been able to get this running, right?
> Yes, I was testing this a few weeks ago with the 7.1 release on
> HP-UX.  It was configured with the instructions in the wiki document
> with a minor change to a malformed ACI (but that shouldn't cause this
> problem):
> http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794
> There was also a minor issue with a spurious warning being logged.  It
> doesn't cause any harm, just an inconvenience:
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293
> Danney, can you paste us these entries from your consumer's dse.ldif?
> dn: cn="{your replicated suffix}", cn=mapping tree, cn=config
> dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config
> dn: cn=config, cn=chaining database, cn=plugins, cn=config
> dn: cn={name of your chaining backend}, cn=chaining database,
> cn=plugins, cn=config
> In the fourth one you can blank out the "nsmultiplexorcredentials"
> value before you send it.
>>> In addition, there are no log entries on the master to indicate any
>>> activity back from the consumer to the master, i.e.
>>> a proxy login.
>>> ------------------------------------------------------------------------
>>> -- 
>>> Fedora-directory-users mailing list
>>> Fedora-directory-users@redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>> ------------------------------------------------------------------------
>> -- 
>> Fedora-directory-users mailing list
>> Fedora-directory-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-directory-users
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users

When I could not get it to work, I removed everything. I repeated the process 
with the
values I used and they are below.

dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL

dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL

dn: cn=chaining database,cn=plugins,cn=config
cn: chaining database
nsslapd-pluginDescription: LDAP chaining backend database plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: chaining database
nsslapd-pluginInitfunc: chaining_back_init
nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so
nsslapd-pluginType: database
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginVersion: 7.1
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20051220230831Z
modifyTimestamp: 20051220230831Z
numSubordinates: 4

dn: cn=CDE,cn=chaining database,cn=plugins,cn=config
nschecklocalaci: on
nsslapd-suffix: ou=CDE,o=FSL
objectClass: top
objectClass: extensibleObject
nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config
nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL
cn: CDE
nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104162022Z
modifyTimestamp: 20060104162022Z

Fedora-directory-users mailing list

Reply via email to