On Mon, 2006-03-20 at 14:07 -0500, Sean Hussey wrote: > Sorry, my question re-posed to the list-- > > Does OpenLDAP's ldapmodify follow referrals? I can't seem to get it > to work. When trying to modify the userPassword against any of our > child servers, it will say "modify complete," but the userPassword > attribute is not changed on the master: > > $ ldapmodify -D "uid=testerguy,ou=people,dc=company,dc=com" -h > "ldapchild" -x -W -v -f testerguy.ldif > ldap_initialize( ldap://ldapchild ) > Enter LDAP Password: > replace userPassword: > {MD5}*****== > modifying entry "uid=testerguy,ou=people,dc=company,dc=com" > modify complete > ldap_modify: Referral (10) > referrals: > ldap://ldapmaster/uid=testerguy,ou=people,dc=company,dc=com > > $ > > The password is not changed on the master, however.
OpenLDAP tools don't chase referrals by design. Some of them can chase referrals anonymously, and this in most cases is not going to work for writes. When you get a referral, you're supposed to cut'n'paste the URL into the -H option (and anywhere else appropriate) in your command line and re-execute the command (that is: they're very simple tools that do not provide esoteric features like guessing what credentials one might want to disveal while automatically chasing a referral, or prompting for them). As per the message you get, returning a referral is a perfectly valid LDAP means to honor an operation, and it should not be seen as an error (in fact, some return codes different from success, like referral and others are called "response codes" rather than "error codes"). So, from an LDAP perspective, performing the write and returning a referral are both successful ways to honor a request, although, of course, they have different implications. If you want to use your slaves as write entry points, you should have a look at test032 and slapo-chain(5) (2.3 only). p. Ing. Pierangelo Masarati Responsabile Open Solution OpenLDAP Core Team SysNet s.n.c. Via Dossi, 8 - 27100 Pavia - ITALIA http://www.sys-net.it ------------------------------------------ Office: +39.02.23998309 Mobile: +39.333.4963172 Email: [EMAIL PROTECTED] ------------------------------------------
