James B Newby wrote: > Hello all, > > I'm having a problem with my consumer's chain on update. I have a > setup with two masters and one consumer. Multi-master replication is > working properly. Changes made on either master propagate to the > other master and to the consumer. > > Before setting up chaining, changes made on the consumer from the > directory console would be denied. After setting up chaining per the > wiki entry: > http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate , > changes could be made on the consumer through the directory console, > but would not propagate to the master. How are you testing/verifying the change doesn't get through? Note that if you make the change in the console, the console will not automatically refresh. I would first check the access log on the consumer to find the ADD or MOD request, then see if that request made it to a master, then see if the master rejected it and why. > > I saw an e-mail with a similar problem in the December 2005 archive, > but didn't see any info in the replies that would help me. I've tried > setting this up from scratch a couple times, but without success. The > responses to ILoveJython's email in December suggested that certain > entries be pasted in, so I've included them below. > > The following acl is included in dc=hg,dc=com: > (targetattr = "*")(version 3.0; acl "Proxied authorization for > database links";allow (proxy) (userdn = "ldap:///cn=Replication > Manager, cn=config");) > Since multi-master replication is set up, this entry is present on all > three servers. > > Any help would be appreciated! Thanks! > > -James > > dn: cn="dc=hg,dc=com",cn=mapping tree, cn=config > objectClass: top > objectClass: extensibleObject > objectClass: nsMappingTree > nsslapd-state: backend > cn: "dc=hg,dc=com" > cn: dc=hg,dc=com > nsslapd-backend: userRoot > nsslapd-backend: chainbe1 > nsslapd-referral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com > nsslapd-referral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com > nsslapd-distribution-plugin: /opt/fedora-ds/lib/replication-plugin.so > nsslapd-distribution-funct: repl_chain_on_update > > dn: cn=replica,cn="dc=hg,dc=com",cn=mapping tree, cn=config > objectClass: nsDS5Replica > objectClass: top > nsDS5ReplicaRoot: dc=hg,dc=com > nsDS5ReplicaType: 2 > nsDS5Flags: 0 > nsds5ReplicaPurgeDelay: 604800 > nsDS5ReplicaBindDN: cn=Replication Manager,cn=config > cn: replica > nsDS5ReplicaId: 65535 > nsState:: //8AAIcx9kQAAAAAAAAAAAEAAAA= > nsDS5ReplicaName: ddc65803-1dd111b2-80e6a7e3-5afe0000 > nsDS5ReplicaReferral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com > nsDS5ReplicaReferral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com > nsds5ReplicaChangeCount: 0 > nsds5replicareapactive: 0 > > dn: cn=config,cn=chaining database,cn=plugins,cn=config > cn: config > objectClass: top > objectClass: extensibleObject > nstransmittedcontrols: 2.16.840.1.113730.3.4.2 > nstransmittedcontrols: 2.16.840.1.113730.3.4.9 > nstransmittedcontrols: 1.2.840.113556.1.4.473 > nstransmittedcontrols: 1.3.6.1.4.1.1466.29539.12 > nspossiblechainingcomponents: cn=resource limits,cn=components,cn=config > nspossiblechainingcomponents: cn=certificate-based > authentication,cn=component > s,cn=config > nspossiblechainingcomponents: cn=ACL Plugin,cn=plugins,cn=config > nspossiblechainingcomponents: cn=old plugin,cn=plugins,cn=config > nspossiblechainingcomponents: cn=referential integrity > postoperation,cn=plugin > s,cn=config > nspossiblechainingcomponents: cn=attribute > uniqueness,cn=plugins,cn=config > dn: cn=chainbe1, cn=chaining database, cn=plugins, cn=config > objectClass: top > objectClass: extensibleObject > objectClass: nsBackendInstance > cn: chainbe1 > nsslapd-suffix: dc=hg,dc=com > nsfarmserverurl: ldap://ldap1.mw1.highergear.com:1389 > ldap2.mw1.highergear.com > :1389/ > nsmultiplexorbinddn: cn=Replication Manager, cn=config > nsmultiplexorcredentials: {DES}<PASSWORD ERASED> > nsbindconnectionslimit: 3 > nsoperationconnectionslimit: 20 > nsabandonedsearchcheckinterval: 1 > nsconcurrentbindlimit: 10 > nsconcurrentoperationslimit: 2 > nsproxiedauthorization: on > nsconnectionlife: 0 > nsbindtimeout: 15 > nsreferralonscopedsearch: off > nschecklocalaci: on > nsbindretrylimit: 3 > nsslapd-sizelimit: 2000 > nsslapd-timelimit: 3600 > nshoplimit: 10 > nsmaxresponsedelay: 60 > nsmaxtestresponsedelay: 15 > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060901/147f0efd/attachment.bin
