Re: Question on password changes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Bliss, Aaron wrote:

I have a quick question on password changes; my current setup is the
following: I have 2 directory servers, single master environment
(supplier and consumer); I understand that all changes to the directory
have to be made by the supplier and are then replicated to the consumer;
when a client server binds to the consumer and a user attempts to change
their password, they receive an unknown error response from the server,
and changes are not made; simply configuring the client's ldap.conf file
to bind first with the supplier resolved this issue, however I was
wondering if it's possible to configure the consumer in such a way that
he will refer the update to take place on the supplier instead of
rejecting the change to the database?

Yes, that's what should be happening. When you send the modify password request to the consumer, it should send back a referral to the supplier. You can see this in the access log - a MOD request followed by a response with err=10 (referral). If however the client is using the password modify extended operation, I don't think that is referred to the supplier. In this case, you will see EXT as the operation type in the access log for the request.

I would have thought that the
consumer would simply refer changes automatically to the supplier, but
that doesn't seem to be the case.  Any thoughts?

Check the access logs, as above.

I do know that I can
configure both servers to be masters, but I was hoping to avoid this
(I've read thru some of the directory server documentation citing errors
and so forth in a multi-master environment) Thanks.
http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate

However, I don't think we chain the password change extended operation.

Aaron

www.preferredcare.org
"An Outstanding Member Experience," Preferred Care HMO Plans -- J. D. Power and Associates

Confidentiality Notice:
The information contained in this electronic message is intended for the exclusive use of the individual or entity named above and may contain privileged or confidential information.  If the reader of this message is not the intended recipient or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that dissemination, distribution or copying of this information is prohibited.  If you have received this communication in error, please notify the sender immediately by telephone and destroy the copies you received.


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux