On 2013-09-26 16:42, "Dieter Klünter" <[email protected]> wrote:
>On Thu, 26 Sep 2013 19:50:08 +0000
>"Jancewicz, Russell" <[email protected]> wrote:
>
>>
>>
>> On 2013-09-26 15:04, "Dieter Klünter" <[email protected]> wrote:
>>
>> >On Thu, 26 Sep 2013 17:23:42 +0000
>> >"Jancewicz, Russell" <[email protected]> wrote:
>> >
>> >> It was modified from the generation of slapd-chain2.conf which also
>> >> didn't work (I was working off the assumption that the overlay
>> >> needed to be on olcDatabase={1}frontend)
>> >>
>> >> This is the slapd-chain2.conf file I am using (modified slightly)
>> >> The only differences between this and the unmodified
>> >> slapd-chain2.conf is the directory and the addition of chain-tls
>> >> and chain-idassert-authzFrom to the "overlay chain" section.
>> >>
>> >> I'm generating my config with it with
>> >> $ slaptest -f slapd-chain2.conf -F ./slapd.d-test/
>> >>
>> >>
>> >> """
>> >> include /etc/openldap/schema/core.schema
>> >> include /etc/openldap/schema/cosine.schema
>> >> include /etc/openldap/schema/inetorgperson.schema
>> >> include /etc/openldap/schema/openldap.schema
>> >> include /etc/openldap/schema/nis.schema
>> >>
>> >> database hdb
>> >> directory /srv/ldap/example.com/
>> >> suffix "dc=example,dc=com"
>> >> rootdn "cn=admin,dc=example,dc=com"
>> >> rootpw secret
>> >>
>> >> overlay chain
>> >> chain-uri ldap://master.example.com
>> >> chain-idassert-bind bindmethod=simple binddn="dc=example,dc=com"
>> >>                     credentials=secret mode=self
>> >> chain-tls start
>> >> chain-idassert-authzFrom "*"
>> >> """
>> >[...]
>> >
>> >In this particular case chaining is a global configuration parameter,
>>
>>
>> If that's the case what should I do to propagate writes/modifies from
>> a *specific* database on my slave to a master?
>> (ideally in cn=config style ldifs, not ldap.conf)
>>
>> Regardless if I apply it to the {-1}frontend or the {1}hdb both
>> situations have resulted in the unwilling to perform error.
>
>If you want to chain write operations to a remote server, you should
>define your local server, or at least partitions of the local server,
>as a syncrepl client.
>

The system I am working on is already a syncrepl consumer from the
master (hence the terminology master, slave). The master system sends
all data to the slave. I want any attempted writes to said slave to be
forwarded back to the master.

I understand that individual LDAP clients can complete this via
referral chasing; however, I would like (and maybe wrongly assumed)
that chaining would provide me this functionality. If this is not how
chaining behaves, would someone please explain the intended use?

From what I read in documentation and other places, it would appear
that the following configurations should accomplish what I am looking
for; however, every variation on them results in Server unwilling to
perform on modify.

dn: olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcChainConfig
olcOverlay: {0}chain
olcChainCacheURI: FALSE
olcChainMaxReferralDepth: 1
olcChainReturnError: FALSE

dn: olcDatabase={0}ldap,olcOverlay={0}chain,olcDatabase={1}hdb,cn=config
objectClass: olcLDAPConfig
objectClass: olcChainDatabase
olcDatabase: {0}ldap
olcDbURI: "ldap://master.example.com"
olcDbIDAssertBind: mode=self bindmethod=simple binddn="cn=admin,dc=example,dc=com" credentials="secret"

I am trying to add said chaining to an already running server which
was bootstrapped via cn=config.

*** Is there any way to accomplish what I am looking to do?
*** Should I modify the LDIF above in any way to make things work?

-Russell J. Jancewicz
University of Connecticut
