[Fedora-directory-users] Chain on Update Problem

James B Newby jnewby at highergear.com
Fri Sep 1 21:01:53 UTC 2006


Hello all,

I'm having a problem with my consumer's chain on update.  I have a setup 
with two masters and one consumer.  Multi-master replication is working 
properly.  Changes made on either master propagate to the other master 
and to the consumer.

Before setting up chaining, changes made on the consumer from the 
directory console would be denied.  After setting up chaining per the 
wiki entry:
http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate ,
changes could be made on the consumer through the directory console, but 
would not propagate to the master.

I saw an e-mail with a similar problem in the December 2005 archive, but 
didn't see any info in the replies that would help me.  I've tried 
setting this up from scratch a couple times, but without success.  The 
responses to ILoveJython's email in December suggested that certain 
entries be pasted in, so I've included them below.

The following acl is included in dc=hg,dc=com:
(targetattr = "*")(version 3.0; acl "Proxied authorization for database 
links";allow (proxy) (userdn = "ldap:///cn=Replication Manager, 
cn=config");)
Since multi-master replication is set up, this entry is present on all 
three servers.

Any help would be appreciated!  Thanks!

-James

dn: cn="dc=hg,dc=com",cn=mapping tree, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsMappingTree
nsslapd-state: backend
cn: "dc=hg,dc=com"
cn: dc=hg,dc=com
nsslapd-backend: userRoot
nsslapd-backend: chainbe1
nsslapd-referral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com
nsslapd-referral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com
nsslapd-distribution-plugin: /opt/fedora-ds/lib/replication-plugin.so
nsslapd-distribution-funct: repl_chain_on_update

dn: cn=replica,cn="dc=hg,dc=com",cn=mapping tree, cn=config
objectClass: nsDS5Replica
objectClass: top
nsDS5ReplicaRoot: dc=hg,dc=com
nsDS5ReplicaType: 2
nsDS5Flags: 0
nsds5ReplicaPurgeDelay: 604800
nsDS5ReplicaBindDN: cn=Replication Manager,cn=config
cn: replica
nsDS5ReplicaId: 65535
nsState:: //8AAIcx9kQAAAAAAAAAAAEAAAA=
nsDS5ReplicaName: ddc65803-1dd111b2-80e6a7e3-5afe0000
nsDS5ReplicaReferral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com
nsDS5ReplicaReferral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com
nsds5ReplicaChangeCount: 0
nsds5replicareapactive: 0

dn: cn=config,cn=chaining database,cn=plugins,cn=config
cn: config
objectClass: top
objectClass: extensibleObject
nstransmittedcontrols: 2.16.840.1.113730.3.4.2
nstransmittedcontrols: 2.16.840.1.113730.3.4.9
nstransmittedcontrols: 1.2.840.113556.1.4.473
nstransmittedcontrols: 1.3.6.1.4.1.1466.29539.12
nspossiblechainingcomponents: cn=resource limits,cn=components,cn=config
nspossiblechainingcomponents: cn=certificate-based 
authentication,cn=component
 s,cn=config
nspossiblechainingcomponents: cn=ACL Plugin,cn=plugins,cn=config
nspossiblechainingcomponents: cn=old plugin,cn=plugins,cn=config
nspossiblechainingcomponents: cn=referential integrity 
postoperation,cn=plugin
 s,cn=config
nspossiblechainingcomponents: cn=attribute uniqueness,cn=plugins,cn=config
dn: cn=chainbe1, cn=chaining database, cn=plugins, cn=config
objectClass: top
objectClass: extensibleObject
objectClass: nsBackendInstance
cn: chainbe1
nsslapd-suffix: dc=hg,dc=com
nsfarmserverurl: ldap://ldap1.mw1.highergear.com:1389 
ldap2.mw1.highergear.com
 :1389/
nsmultiplexorbinddn: cn=Replication Manager, cn=config
nsmultiplexorcredentials: {DES}<PASSWORD ERASED>
nsbindconnectionslimit: 3
nsoperationconnectionslimit: 20
nsabandonedsearchcheckinterval: 1
nsconcurrentbindlimit: 10
nsconcurrentoperationslimit: 2
nsproxiedauthorization: on
nsconnectionlife: 0
nsbindtimeout: 15
nsreferralonscopedsearch: off
nschecklocalaci: on
nsbindretrylimit: 3
nsslapd-sizelimit: 2000
nsslapd-timelimit: 3600
nshoplimit: 10
nsmaxresponsedelay: 60
nsmaxtestresponsedelay: 15




More information about the Fedora-directory-users mailing list