[Fedora-directory-users] Chain on Update Problem

Richard Megginson rmeggins at redhat.com
Fri Sep 1 21:39:02 UTC 2006 

James B Newby wrote:
> Hello all,
>
> I'm having a problem with my consumer's chain on update.  I have a 
> setup with two masters and one consumer.  Multi-master replication is 
> working properly.  Changes made on either master propagate to the 
> other master and to the consumer.
>
> Before setting up chaining, changes made on the consumer from the 
> directory console would be denied.  After setting up chaining per the 
> wiki entry:
> http://directory.fedora.redhat.com/wiki/Howto:ChainOnUpdate ,
> changes could be made on the consumer through the directory console, 
> but would not propagate to the master.
How are you testing/verifying the change doesn't get through?  Note that 
if you make the change in the console, the console will not 
automatically refresh.  I would first check the access log on the 
consumer to find the ADD or MOD request, then see if that request made 
it to a master, then see if the master rejected it and why.
>
> I saw an e-mail with a similar problem in the December 2005 archive, 
> but didn't see any info in the replies that would help me.  I've tried 
> setting this up from scratch a couple times, but without success.  The 
> responses to ILoveJython's email in December suggested that certain 
> entries be pasted in, so I've included them below.
>
> The following acl is included in dc=hg,dc=com:
> (targetattr = "*")(version 3.0; acl "Proxied authorization for 
> database links";allow (proxy) (userdn = "ldap:///cn=Replication 
> Manager, cn=config");)
> Since multi-master replication is set up, this entry is present on all 
> three servers.
>
> Any help would be appreciated!  Thanks!
>
> -James
>
> dn: cn="dc=hg,dc=com",cn=mapping tree, cn=config
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsMappingTree
> nsslapd-state: backend
> cn: "dc=hg,dc=com"
> cn: dc=hg,dc=com
> nsslapd-backend: userRoot
> nsslapd-backend: chainbe1
> nsslapd-referral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com
> nsslapd-referral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com
> nsslapd-distribution-plugin: /opt/fedora-ds/lib/replication-plugin.so
> nsslapd-distribution-funct: repl_chain_on_update
>
> dn: cn=replica,cn="dc=hg,dc=com",cn=mapping tree, cn=config
> objectClass: nsDS5Replica
> objectClass: top
> nsDS5ReplicaRoot: dc=hg,dc=com
> nsDS5ReplicaType: 2
> nsDS5Flags: 0
> nsds5ReplicaPurgeDelay: 604800
> nsDS5ReplicaBindDN: cn=Replication Manager,cn=config
> cn: replica
> nsDS5ReplicaId: 65535
> nsState:: //8AAIcx9kQAAAAAAAAAAAEAAAA=
> nsDS5ReplicaName: ddc65803-1dd111b2-80e6a7e3-5afe0000
> nsDS5ReplicaReferral: ldap://ldap1.mw1.highergear.com:1389/dc=hg,dc=com
> nsDS5ReplicaReferral: ldap://ldap2.mw1.highergear.com:1389/dc=hg,dc=com
> nsds5ReplicaChangeCount: 0
> nsds5replicareapactive: 0
>
> dn: cn=config,cn=chaining database,cn=plugins,cn=config
> cn: config
> objectClass: top
> objectClass: extensibleObject
> nstransmittedcontrols: 2.16.840.1.113730.3.4.2
> nstransmittedcontrols: 2.16.840.1.113730.3.4.9
> nstransmittedcontrols: 1.2.840.113556.1.4.473
> nstransmittedcontrols: 1.3.6.1.4.1.1466.29539.12
> nspossiblechainingcomponents: cn=resource limits,cn=components,cn=config
> nspossiblechainingcomponents: cn=certificate-based 
> authentication,cn=component
> s,cn=config
> nspossiblechainingcomponents: cn=ACL Plugin,cn=plugins,cn=config
> nspossiblechainingcomponents: cn=old plugin,cn=plugins,cn=config
> nspossiblechainingcomponents: cn=referential integrity 
> postoperation,cn=plugin
> s,cn=config
> nspossiblechainingcomponents: cn=attribute 
> uniqueness,cn=plugins,cn=config
> dn: cn=chainbe1, cn=chaining database, cn=plugins, cn=config
> objectClass: top
> objectClass: extensibleObject
> objectClass: nsBackendInstance
> cn: chainbe1
> nsslapd-suffix: dc=hg,dc=com
> nsfarmserverurl: ldap://ldap1.mw1.highergear.com:1389 
> ldap2.mw1.highergear.com
> :1389/
> nsmultiplexorbinddn: cn=Replication Manager, cn=config
> nsmultiplexorcredentials: {DES}<PASSWORD ERASED>
> nsbindconnectionslimit: 3
> nsoperationconnectionslimit: 20
> nsabandonedsearchcheckinterval: 1
> nsconcurrentbindlimit: 10
> nsconcurrentoperationslimit: 2
> nsproxiedauthorization: on
> nsconnectionlife: 0
> nsbindtimeout: 15
> nsreferralonscopedsearch: off
> nschecklocalaci: on
> nsbindretrylimit: 3
> nsslapd-sizelimit: 2000
> nsslapd-timelimit: 3600
> nshoplimit: 10
> nsmaxresponsedelay: 60
> nsmaxtestresponsedelay: 15
>
> -- 
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060901/147f0efd/attachment.bin>

More information about the Fedora-directory-users mailing list