Hmm - there are two entries for dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config That's bad. In addition, there is only 1 nsslapd-backend for that suffix - there should be two - one for the 'local' backend which is the replica of the master, and one for the chaining backend. e.g. nsslapd-backend: userRoot Only the chaining backend is there. ILoveJython wrote: >Ulf Weltman wrote: > > > >>Richard Megginson wrote: >> >> >> >>>ILoveJython wrote: >>> >>> >>> >>>>I have read the document: >>>> >>>>Howto:ChainOnUpdate - Fedora Directory Server >>>><http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate> >>>> >>>>and have been unable to get it to work. When I attempt a write to >>>>the consumer it makes the change on the >>>>consumer and does not update the master. >>>> >>>> >>> >>>This is bad. If the consumer is configured to be a read only >>>consumer you should not be able to make a change on it. You should >>>either get a referral returned from the consumer to the client >>>program which the client program will follow to make the change on >>>the master, or, if chain on update is working, you will see the >>>operation on the consumer and the same corresponding operation sent >>>to the master. >>> >>> >>> >>>>With the next change on the master of any kind, >>>>the mapping tree entry for this suffix changes from "nsslapd-state: >>>>backend" to "nsslapd-state: referral on update". >>>>Once this state changes, my client complains that it cannot update, >>>>since it cannot follow referrals. >>>> >>>> >>> >>>Ulf, you've been able to get this running, right? >>> >>> >>Yes, I was testing this a few weeks ago with the 7.1 release on >>HP-UX. It was configured with the instructions in the wiki document >>with a minor change to a malformed ACI (but that shouldn't cause this >>problem): >>http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794 >> >> >>There was also a minor issue with a spurious warning being logged. It >>doesn't cause any harm, just an inconvenience: >>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293 >> >>Danney, can you paste us these entries from your consumer's dse.ldif? >>dn: cn="{your replicated suffix}", cn=mapping tree, cn=config >>dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config >>dn: cn=config, cn=chaining database, cn=plugins, cn=config >>dn: cn={name of your chaining backend}, cn=chaining database, >>cn=plugins, cn=config >> >>In the fourth one you can blank out the "nsmultiplexorcredentials" >>value before you send it. >> >> >> >>>>In addition, there are no log entries on the master to indicate any >>>>activity back from the consumer to the master, i.e. >>>>a proxy login. >>>> >>>>------------------------------------------------------------------------ >>>> >>>> >>>>-- >>>>Fedora-directory-users mailing list >>>>Fedora-directory-users at redhat.com >>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>>> >>>> >>>> >>>> >>>------------------------------------------------------------------------ >>> >>>-- >>>Fedora-directory-users mailing list >>>Fedora-directory-users at redhat.com >>>https://www.redhat.com/mailman/listinfo/fedora-directory-users >>> >>> >>> >>> >>-- >>Fedora-directory-users mailing list >>Fedora-directory-users at redhat.com >>https://www.redhat.com/mailman/listinfo/fedora-directory-users >> >> >> > >When I could not get it to work, I removed everything. I repeated the process with the >values I used and they are below. > >dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config >objectClass: top >objectClass: extensibleObject >objectClass: nsMappingTree >nsslapd-state: backend >cn: "ou=CDE,o=FSL" >cn: ou=CDE,o=FSL >nsslapd-parent-suffix: "o=FSL" >nsslapd-backend: CDE >creatorsName: cn=directory manager >modifiersName: cn=directory manager >createTimestamp: 20060104155644Z >modifyTimestamp: 20060104164545Z >nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so >nsslapd-distribution-funct: repl_chain_on_update >numSubordinates: 1 >nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL > > > >dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config >objectClass: top >objectClass: extensibleObject >objectClass: nsMappingTree >nsslapd-state: backend >cn: "ou=CDE,o=FSL" >cn: ou=CDE,o=FSL >nsslapd-parent-suffix: "o=FSL" >nsslapd-backend: CDE >creatorsName: cn=directory manager >modifiersName: cn=directory manager >createTimestamp: 20060104155644Z >modifyTimestamp: 20060104164545Z >nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so >nsslapd-distribution-funct: repl_chain_on_update >numSubordinates: 1 >nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL > > > >dn: cn=chaining database,cn=plugins,cn=config >cn: chaining database >nsslapd-pluginDescription: LDAP chaining backend database plugin >nsslapd-pluginEnabled: on >nsslapd-pluginId: chaining database >nsslapd-pluginInitfunc: chaining_back_init >nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so >nsslapd-pluginType: database >nsslapd-pluginVendor: Fedora Project >nsslapd-pluginVersion: 7.1 >objectClass: top >objectClass: nsSlapdPlugin >objectClass: extensibleObject >creatorsName: cn=directory manager >modifiersName: cn=directory manager >createTimestamp: 20051220230831Z >modifyTimestamp: 20051220230831Z >numSubordinates: 4 > > > >dn: cn=CDE,cn=chaining database,cn=plugins,cn=config >nschecklocalaci: on >nsslapd-suffix: ou=CDE,o=FSL >objectClass: top >objectClass: extensibleObject >nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config >nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL >cn: CDE >nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE >creatorsName: cn=directory manager >modifiersName: cn=directory manager >createTimestamp: 20060104162022Z >modifyTimestamp: 20060104162022Z > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060104/746d008f/attachment.bin
