Hmm - there are two entries for
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
That's bad. In addition, there is only 1 nsslapd-backend for that
suffix - there should be two - one for the 'local' backend which is the
replica of the master, and one for the chaining backend. e.g.
nsslapd-backend: userRoot
Only the chaining backend is there.
ILoveJython wrote:
Ulf Weltman wrote:
>Richard Megginson wrote:
>
>
>
>>ILoveJython wrote:
>>
>>
>>
>>>I have read the document:
>>>
>>>Howto:ChainOnUpdate - Fedora Directory Server
>>><http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate>
>>>
>>>and have been unable to get it to work. When I attempt a write to
>>>the consumer it makes the change on the
>>>consumer and does not update the master.
>>>
>>>
>>
>>This is bad. If the consumer is configured to be a read only
>>consumer you should not be able to make a change on it. You should
>>either get a referral returned from the consumer to the client
>>program which the client program will follow to make the change on
>>the master, or, if chain on update is working, you will see the
>>operation on the consumer and the same corresponding operation sent
>>to the master.
>>
>>
>>
>>>With the next change on the master of any kind,
>>>the mapping tree entry for this suffix changes from "nsslapd-state:
>>>backend" to "nsslapd-state: referral on update".
>>>Once this state changes, my client complains that it cannot update,
>>>since it cannot follow referrals.
>>>
>>>
>>
>>Ulf, you've been able to get this running, right?
>>
>>
>Yes, I was testing this a few weeks ago with the 7.1 release on
>HP-UX. It was configured with the instructions in the wiki document
>with a minor change to a malformed ACI (but that shouldn't cause this
>problem):
>http://directory.fedora.redhat.com/wiki?title=Howto%3AChainOnUpdate&diff=0&oldid=2794
>
>
>There was also a minor issue with a spurious warning being logged. It
>doesn't cause any harm, just an inconvenience:
>https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176293
>
>Danney, can you paste us these entries from your consumer's dse.ldif?
>dn: cn="{your replicated suffix}", cn=mapping tree, cn=config
>dn: cn=replica, cn="{your replicated suffix}", cn=mapping tree, cn=config
>dn: cn=config, cn=chaining database, cn=plugins, cn=config
>dn: cn={name of your chaining backend}, cn=chaining database,
>cn=plugins, cn=config
>
>In the fourth one you can blank out the "nsmultiplexorcredentials"
>value before you send it.
>
>
>
>>>In addition, there are no log entries on the master to indicate any
>>>activity back from the consumer to the master, i.e.
>>>a proxy login.
>>>
>>>------------------------------------------------------------------------
>>>
>>>
>>>--
>>>Fedora-directory-users mailing list
>>>Fedora-directory-users(a)redhat.com
>>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>>
>>>
>>>
>>>
>>------------------------------------------------------------------------
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users(a)redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>
>>
>>
>>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users(a)redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>
>
When I could not get it to work, I removed everything. I repeated the process with the
values I used and they are below.
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
dn: cn="ou=CDE,o=FSL",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "ou=CDE,o=FSL"
cn: ou=CDE,o=FSL
nsslapd-parent-suffix: "o=FSL"
nsslapd-backend: CDE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104155644Z
modifyTimestamp: 20060104164545Z
nsslapd-distribution-plugin: /var/fedora/servers/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update
numSubordinates: 1
nsslapd-referral: ldap://vs31-tx32.am.freescale.net:389/ou%3DCDE%2Co%3DFSL
dn: cn=chaining database,cn=plugins,cn=config
cn: chaining database
nsslapd-pluginDescription: LDAP chaining backend database plugin
nsslapd-pluginEnabled: on
nsslapd-pluginId: chaining database
nsslapd-pluginInitfunc: chaining_back_init
nsslapd-pluginPath: /var/fedora/servers/lib/chainingdb-plugin.so
nsslapd-pluginType: database
nsslapd-pluginVendor: Fedora Project
nsslapd-pluginVersion: 7.1
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20051220230831Z
modifyTimestamp: 20051220230831Z
numSubordinates: 4
dn: cn=CDE,cn=chaining database,cn=plugins,cn=config
nschecklocalaci: on
nsslapd-suffix: ou=CDE,o=FSL
objectClass: top
objectClass: extensibleObject
nsmultiplexorbinddn: cn=Replication Manager,cn=replication,cn=config
nsfarmserverurl: ldap://vs31-tx32:389/ou=CDE,o=FSL
cn: CDE
nsmultiplexorcredentials: {DES}MY_VALUE_GOES_HERE
creatorsName: cn=directory manager
modifiersName: cn=directory manager
createTimestamp: 20060104162022Z
modifyTimestamp: 20060104162022Z
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users