Hmm - there are two entries for dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=configThat's bad. In addition, there is only 1 nsslapd-backend for that suffix - there should be two - one for the 'local' backend which is the replica of the master, and one for the chaining backend. e.g. nsslapd-backend: userRoot
Only the chaining backend is there. ILoveJython wrote:
Ulf Weltman wrote:Richard Megginson wrote:ILoveJython wrote:I have read the document: Howto:ChainOnUpdate - Fedora Directory Server <http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate> and have been unable to get it to work. When I attempt a write to the consumer it makes the change on the consumer and does not update the master.This is bad. If the consumer is configured to be a read only consumer you should not be able to make a change on it. You should either get a referral returned from the consumer to the client program which the client program will follow to make the change on the master, or, if chain on update is working, you will see the operation on the consumer and the same corresponding operation sent to the master.With the next change on the master of any kind, the mapping tree entry for this suffix changes from "nsslapd-state: backend" to "nsslapd-state: referral on update". Once this state changes, my client complains that it cannot update, since it cannot follow referrals.Ulf, you've been able to get this running, right?Yes, I was testing this a few weeks ago with the 7.1 release on HP-UX. It was configured with the instructions in the wiki document with a minor change to a malformed ACI (but that shouldn't cause this problem): http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794 There was also a minor issue with a spurious warning being logged. It doesn't cause any harm, just an inconvenience: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293 Danney, can you paste us these entries from your consumer's dse.ldif? dn: cn="{your replicated suffix}", cn=mapping tree, cn=config dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config dn: cn=config, cn=chaining database, cn=plugins, cn=config dn: cn={name of your chaining backend}, cn=chaining database, cn=plugins, cn=config In the fourth one you can blank out the "nsmultiplexorcredentials" value before you send it.In addition, there are no log entries on the master to indicate any activity back from the consumer to the master, i.e. a proxy login. ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-usersWhen I could not get it to work, I removed everything. I repeated the process with the values I used and they are below. dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree nsslapd-state: backend cn: "ou=CDE,o=FSL" cn: ou=CDE,o=FSL nsslapd-parent-suffix: "o=FSL" nsslapd-backend: CDE creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20060104155644Z modifyTimestamp: 20060104164545Z nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so nsslapd-distribution-funct: repl_chain_on_update numSubordinates: 1 nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree nsslapd-state: backend cn: "ou=CDE,o=FSL" cn: ou=CDE,o=FSL nsslapd-parent-suffix: "o=FSL" nsslapd-backend: CDE creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20060104155644Z modifyTimestamp: 20060104164545Z nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so nsslapd-distribution-funct: repl_chain_on_update numSubordinates: 1 nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL dn: cn=chaining database,cn=plugins,cn=config cn: chaining database nsslapd-pluginDescription: LDAP chaining backend database plugin nsslapd-pluginEnabled: on nsslapd-pluginId: chaining database nsslapd-pluginInitfunc: chaining_back_init nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so nsslapd-pluginType: database nsslapd-pluginVendor: Fedora Project nsslapd-pluginVersion: 7.1 objectClass: top objectClass: nsSlapdPlugin objectClass: extensibleObject creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20051220230831Z modifyTimestamp: 20051220230831Z numSubordinates: 4 dn: cn=CDE,cn=chaining database,cn=plugins,cn=config nschecklocalaci: on nsslapd-suffix: ou=CDE,o=FSL objectClass: top objectClass: extensibleObject nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL cn: CDE nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE creatorsName: cn=directory manager modifiersName: cn=directory manager createTimestamp: 20060104162022Z modifyTimestamp: 20060104162022Z -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
