James B Newby wrote:
How are you testing/verifying the change doesn't get through? Note that if you make the change in the console, the console will not automatically refresh. I would first check the access log on the consumer to find the ADD or MOD request, then see if that request made it to a master, then see if the master rejected it and why.Hello all,I'm having a problem with my consumer's chain on update. I have a setup with two masters and one consumer. Multi-master replication is working properly. Changes made on either master propagate to the other master and to the consumer.Before setting up chaining, changes made on the consumer from the directory console would be denied. After setting up chaining per the wiki entry:http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate ,changes could be made on the consumer through the directory console, but would not propagate to the master.
I saw an e-mail with a similar problem in the December 2005 archive, but didn't see any info in the replies that would help me. I've tried setting this up from scratch a couple times, but without success. The responses to ILoveJython's email in December suggested that certain entries be pasted in, so I've included them below.The following acl is included in dc=hg,dc=com:(targetattr = "*")(version 3.0; acl "Proxied authorization for database links";allow (proxy) (userdn = "ldap:///cn=Replication Manager, cn=config");) Since multi-master replication is set up, this entry is present on all three servers.Any help would be appreciated! Thanks! -James dn: cn="dc=hg,dc=com",cn=mapping tree, cn=config objectClass: top objectClass: extensibleObject objectClass: nsMappingTree nsslapd-state: backend cn: "dc=hg,dc=com" cn: dc=hg,dc=com nsslapd-backend: userRoot nsslapd-backend: chainbe1 nsslapd-referral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com nsslapd-referral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com nsslapd-distribution-plugin: /opt/fedora-ds/lib/replication-plugin.so nsslapd-distribution-funct: repl_chain_on_update dn: cn=replica,cn="dc=hg,dc=com",cn=mapping tree, cn=config objectClass: nsDS5Replica objectClass: top nsDS5ReplicaRoot: dc=hg,dc=com nsDS5ReplicaType: 2 nsDS5Flags: 0 nsds5ReplicaPurgeDelay: 604800 nsDS5ReplicaBindDN: cn=Replication Manager,cn=config cn: replica nsDS5ReplicaId: 65535 nsState:: //8AAIcx9kQAAAAAAAAAAAEAAAA= nsDS5ReplicaName: ddc65803-1dd111b2-80e6a7e3-5afe0000 nsDS5ReplicaReferral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com nsDS5ReplicaReferral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com nsds5ReplicaChangeCount: 0 nsds5replicareapactive: 0 dn: cn=config,cn=chaining database,cn=plugins,cn=config cn: config objectClass: top objectClass: extensibleObject nstransmittedcontrols: 2.16.840.1.113730.3.4.2 nstransmittedcontrols: 2.16.840.1.113730.3.4.9 nstransmittedcontrols: 1.2.840.113556.1.4.473 nstransmittedcontrols: 1.3.6.1.4.1.1466.29539.12 nspossiblechainingcomponents: cn=resource limits,cn=components,cn=confignspossiblechainingcomponents: cn=certificate-based authentication,cn=components,cn=config nspossiblechainingcomponents: cn=ACL Plugin,cn=plugins,cn=config nspossiblechainingcomponents: cn=old plugin,cn=plugins,cn=confignspossiblechainingcomponents: cn=referential integrity postoperation,cn=plugins,cn=confignspossiblechainingcomponents: cn=attribute uniqueness,cn=plugins,cn=configdn: cn=chainbe1, cn=chaining database, cn=plugins, cn=config objectClass: top objectClass: extensibleObject objectClass: nsBackendInstance cn: chainbe1 nsslapd-suffix: dc=hg,dc=comnsfarmserverurl: ldap://ldap1.mw1.highergear.com:1389 ldap2.mw1.highergear.com:1389/ nsmultiplexorbinddn: cn=Replication Manager, cn=config nsmultiplexorcredentials: {DES}<PASSWORD ERASED> nsbindconnectionslimit: 3 nsoperationconnectionslimit: 20 nsabandonedsearchcheckinterval: 1 nsconcurrentbindlimit: 10 nsconcurrentoperationslimit: 2 nsproxiedauthorization: on nsconnectionlife: 0 nsbindtimeout: 15 nsreferralonscopedsearch: off nschecklocalaci: on nsbindretrylimit: 3 nsslapd-sizelimit: 2000 nsslapd-timelimit: 3600 nshoplimit: 10 nsmaxresponsedelay: 60 nsmaxtestresponsedelay: 15 -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
