- Debian OpenLDAP 2.4.39 using back_mdb
- delta-syncrepl master->multiple slaves (lightning fast and has worked
great for many years)
- the client running on each slave and causing the problem is Horde
using the php-ldap client (PHP 5.6).
Horde is configured to use the slave/localhost LDAP replica and we are
hoping to use updateref and chain overlay to write to the master and
read from the localhost slave.
Our slapd.conf global config has:
...
moduleload back_ldap
overlay chain
chain-uri ldap://ldap.ironicdesign.com/
chain-idassert-bind bindmethod="simple"
binddn="root dn"
credentials=<root pwd>
mode="self"
chain-return-error TRUE
...
And after the syncrepl setup, the last line of slapd.conf defines updateref.
...
updateref ldap://ldap.ironicdesign.com/
So, the problem comes when we add an address book contact to be stored
in LDAP. The contact is written successfully to the LDAP master, but
then Horde/php-ldap tries to get/read the new contact and of course it
is not on our localhost slave yet, so the "get" fails.
I noted in the OpenLDAP docs, "12.3.4. Read-Back of Chained
Modifications", where it discusses using the "dontusecopy" control in
the client to prevent this problem, but I can find no reference to
setting this "dontusecopy" control anywhere in the PHP-ldap client or
any other client for that matter.
Has anyone ever used the "dontusecopy" control and if so, would you mind
terribly telling us how/where you used it?
Thanks for any insights.
--
Andy Dorman
