Ulf Weltman wrote: > Richard Megginson wrote: > >> ILoveJython wrote: >> >>> I have read the document: >>> >>> Howto:ChainOnUpdate - Fedora Directory Server >>> <http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate> >>> >>> and have been unable to get it to work. When I attempt a write to >>> the consumer it makes the change on the >>> consumer and does not update the master. >> >> >> >> This is bad. If the consumer is configured to be a read only >> consumer you should not be able to make a change on it. You should >> either get a referral returned from the consumer to the client >> program which the client program will follow to make the change on >> the master, or, if chain on update is working, you will see the >> operation on the consumer and the same corresponding operation sent >> to the master. >> >>> With the next change on the master of any kind, >>> the mapping tree entry for this suffix changes from "nsslapd-state: >>> backend" to "nsslapd-state: referral on update". >>> Once this state changes, my client complains that it cannot update, >>> since it cannot follow referrals. >> >> >> >> Ulf, you've been able to get this running, right? > > > Yes, I was testing this a few weeks ago with the 7.1 release on > HP-UX. It was configured with the instructions in the wiki document > with a minor change to a malformed ACI (but that shouldn't cause this > problem): > http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794 > > > There was also a minor issue with a spurious warning being logged. It > doesn't cause any harm, just an inconvenience: > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293 > > Danney, can you paste us these entries from your consumer's dse.ldif? > dn: cn="{your replicated suffix}", cn=mapping tree, cn=config > dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config > dn: cn=config, cn=chaining database, cn=plugins, cn=config > dn: cn={name of your chaining backend}, cn=chaining database, > cn=plugins, cn=config > > In the fourth one you can blank out the "nsmultiplexorcredentials" > value before you send it. > >> >>> >>> In addition, there are no log entries on the master to indicate any >>> activity back from the consumer to the master, i.e. >>> a proxy login. >>> >>> ------------------------------------------------------------------------ >>> >>> >>> -- >>> Fedora-directory-users mailing list >>> Fedora-directory-users at redhat.com >>> https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >> ------------------------------------------------------------------------ >> >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users at redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > When I could not get it to work, I removed everything. I repeated the process with the values I used and they are below. dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree nsslapd-state: backend cn: "ou=CDE,o=FSL" cn: ou=CDE,o=FSL nsslapd-parent-suffix: "o=FSL" nsslapd-backend: CDE creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20060104155644Z modifyTimestamp: 20060104164545Z nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so nsslapd-distribution-funct: repl_chain_on_update numSubordinates: 1 nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree nsslapd-state: backend cn: "ou=CDE,o=FSL" cn: ou=CDE,o=FSL nsslapd-parent-suffix: "o=FSL" nsslapd-backend: CDE creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20060104155644Z modifyTimestamp: 20060104164545Z nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so nsslapd-distribution-funct: repl_chain_on_update numSubordinates: 1 nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL dn: cn=chaining database,cn=plugins,cn=config cn: chaining database nsslapd-pluginDescription: LDAP chaining backend database plugin nsslapd-pluginEnabled: on nsslapd-pluginId: chaining database nsslapd-pluginInitfunc: chaining_back_init nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so nsslapd-pluginType: database nsslapd-pluginVendor: Fedora Project nsslapd-pluginVersion: 7.1 objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20051220230831Z modifyTimestamp: 20051220230831Z numSubordinates: 4 dn: cn=CDE,cn=chaining database,cn=plugins,cn=config nschecklocalaci: on nsslapd-suffix: ou=CDE,o=FSL objectClass: top objectClass: extensibleObject nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL cn: CDE nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20060104162022Z modifyTimestamp: 20060104162022Z
