
Re: logging into slave ldap server



<quote who="Stefan Alfredsson">

> Is the "rootdn" and "rootpw" entries in slapd.conf the same on both
> machines? (i.e. maybe you forgot to update it on the slave,
> or maybe the "rootdn" is the replicating user)
>
> ie: on master you have
> rootdn	"cn=admin,dc=com"
> rootpw   {SSHA}xxxx
>
> and on the slave
> rootdn   "cn=replicator,dc=com"
> rootpw   {SSHA}yyyy
>
> and then I assume you have an entry "cn=admin,dc=com" entry in your
> database?

I am not using those 2 options currently. I usually use the
rootpw option until I do the initial import of the database then
I remove it and slapd seems to resort to using the password
in the database. I do have:

access to *
        by dn="cn=admin,o=linuxpowered,c=us" write
        by * read

If I specify the rootpw in slapd.conf on the slave I am allowed
to login as admin, no errors, on the master I don't have to do
this, is this some requirement for slaves? I'd like to avoid
storing the password in the config file in plain text ..


>
> This means that you would have to set the rootpw in two places;
> When authenticating with master, you are verified against the
> rootpw in slapd.conf. When authenticating against the slave (using
> the same dn), then the userPassword of the admin _database entry_
> is used...

Right now, I authenticate against the admin _database entry_ for
the master, and I am not sure what it is doing on the slave, I
would expect it would do the same. From what I have read a
slave is nothing more than a database that receives input from
slurp on the master, it should otherwise behave just like the master
as far as accessing the database itself.

So it seems that what is happening with me is backwards from
what you explain above. Is this a limitation (one requiring the
password be in slapd.conf, the other not) or just a config issue?


>
> At least if I understand the authentication process correctly :)

I wish I did!

thanks for the quick reply!!

nate
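
Added example, not part of the original message or of OpenLDAP: a small Python check that reads slapd.conf text, reports the rootdn and whether a rootpw line holds a cleartext value or a hashed scheme such as the {SSHA} form quoted above, and shows how an {SSHA} value is built and verified. The function names, the sample configs and the password are constructed for illustration, and the parser assumes a single database section.

```python
import base64
import hashlib
import hmac
import os
import re

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored, password):
    """Verify a password against an {SSHA} value (20-byte digest, then salt)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(password + salt).digest())

def audit_slapd_conf(text):
    """Report rootdn and how rootpw is stored (assumes one database section)."""
    found = {"rootdn": None, "rootpw_present": False, "scheme": None}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "rootdn":
            found["rootdn"] = value
        elif key == "rootpw":
            found["rootpw_present"] = True
            m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
            found["scheme"] = m.group(1).upper() if m else "CLEARTEXT"
    return found

# Constructed sample configs; the password is a made-up placeholder.
PASSWORD = b"example-secret"
PLAIN_CONF = 'rootdn "cn=admin,o=linuxpowered,c=us"\nrootpw example-secret\n'
HASHED_CONF = ('rootdn "cn=admin,o=linuxpowered,c=us"\nrootpw '
               + make_ssha(PASSWORD) + "\n")
NO_ROOTPW_CONF = "access to *\n        by * read\n"

if __name__ == "__main__":
    for name, conf in [("plain", PLAIN_CONF), ("hashed", HASHED_CONF),
                       ("none", NO_ROOTPW_CONF)]:
        print(name, audit_slapd_conf(conf))
```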