Am Tue, 29 Jul 2014 17:22:17 -0500 schrieb Andy Dorman <[email protected]>:
> - Debian OpenLDAP 2.4.39 using back_mdb > > - delta-syncrepl master->multiple slaves (lightning fast and has > worked great for many years) > > - the client running on each slave and causing the problem is Horde > using the php-ldap client (PHP 5.6). > > Horde is configured to use the slave/localhost LDAP replica and we > are hoping to use updateref and chain overlay to write to the master > and read from the localhost slave. > > Our slapd.conf global config has: > > ... > moduleload back_ldap > overlay chain > chain-uri ldap://ldap.ironicdesign.com/ > > chain-idassert-bind bindmethod="simple" > binddn="root dn" > credentials=<root pwd> > mode="self" > chain-return-error TRUE > ... > > And after the syncrepl setup, the last line of slapd.conf defines > updateref. > > ... > updateref ldap://ldap.ironicdesign.com/ > > > So, the problem comes when we add an address book contact to be > stored in LDAP. The contact is written successfully to the LDAP > master, but then Horde/php-ldap tries to get/read the new contact and > of course it is not on our localhost slave yet, so the "get" fails. > > I noted in the OpenLDAP docs, "12.3.4. Read-Back of Chained > Modifications", where it discusses using the "dontusecopy" control in > the client to prevent this problem, but I can find no reference to > setting this "dontusecopy" control anywhere in the PHP-ldap client or > any other client for that matter. > > Has anyone ever used the "dontusecopy" control and if so, would you > mind terribly telling us how/where you used it? The php ldap module has not implemented this control. http://php.net/manual/en/book.ldap.php You may test the client using ldapsearch(5), read the manual page on search extensions. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
