Mark Mcdonald wrote:
Joachim Hergeth (GTS) <mailto:[EMAIL PROTECTED]> wrote on Monday, April 16,
2007 10:58 PM:
To my knowledge and experience it is not possible to change data in an
LDAP-consumer. You have to change the data in the producer and it then
gets forwarded to the consumer by the syncrepl process.
I observed this in my OpenLDAP installation.
Please correct me if I am wrong or if specific options have to be used to
enable it.
This is correct, as the names suggest the Provider will provide changes to the
consumer(s). In some circumstances it is possible (although extrememly bad
practice) to impersonate the provider to make a change on a consumer, but the
consumer will not notify any other nodes as it that is the role of the provider.
A 'normal' LDAP system consists of a provider who feeds all data to consumers.
The consumers receive changes ONLY from the provider and the provider will
receive updates from your clients. There are other situations (multiple-tier
systems, multiple providers, etc) that require quite a bit more knowledge to
configure.
Consumers are able to refer updates to the provider using referrals. For more
information search the list archives for referrals.
Consumers can also chain updates to the provider instead of returning a
referral to the client. That's probably the best thing to do since most
clients don't handle referrals securely.
And of course, in OpenLDAP 2.4 you can use multi-master and have changes
propagated all around.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
