Re: replication problem
hi,
Do you have the replicator account in the LDAP database? And have
you set its password? I added mine as a simple security object:
dn: cn=REPLIC,dc=jsthrower,dc=com
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: REPLIC
description: Replication Administrator
userPassword: {SSHA}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
And make sure it has access to write to the database and its own
record:
access to attribute=userPassword
        by dn="cn=Admin,dc=jsthrower,dc=com" write
        by dn="cn=REPLIC,dc=jsthrower,dc=com" write
        by anonymous auth
        by self write
        by * none
# The admin dn has full write access
access to *
        by dn="cn=Admin,dc=jsthrower,dc=com" write
        by dn="cn=REPLIC,dc=jsthrower,dc=com" write
        by * read
j.
On Mon, Jul 21, 2003 at 05:16:11PM -0400, Swavek Hryniewicz wrote:
> Hi,
> I seem to have a problem replicating my database.
> The master works fine and when I run slurpd it gives me an error message:
> bind to xxx.xxx.xxx.xxx:389 as cn=replicator,dc=example,dc=com (simple)
> ber_flush: 54 bytes to sd 10
> request 1 done
> Error: ldap_simple_bind_s for xxx.xxx.xxx.xxx:389 failed: Invalid
> credentials
> ber_flush: 7 bytes to sd 10
>
> The bind method I'm using is obviously simple and for credentials=secret.
> Here are my slapd.conf files for master and slave:
>
> # Create a replication log in /var/lib/ldap for use by slurpd.
> replogfile /var/lib/ldap/master-slapd.replog
>
> database ldbm
> suffix "dc=example,dc=com"
> rootdn "cn=root,dc=example,dc=com"
>
> rootpw {CRYPT}a8trcz2h1g9QY
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /var/lib/ldap
> # Indices to maintain
> index objectClass,uid,uidNumber,gidNumber,memberUid eq
> index cn,mail,surname,givenname eq,subinitial
> # Replicas to which we should propagate changes
> replica host=xxx.xxx.xxx.xxx:389
>         binddn="cn=replicator,dc=example,dc=com"
>         bindmethod=simple
>         credentials=secret
> # ACLs
>
> access to dn=".*,dc=example,dc=com" attr=userPassword
>         by dn="cn=root,dc=example,dc=com" write
>         by self write
>         by * auth
>
> access to dn=".*,dc=example,dc=com" attr=mail
>         by dn="cn=root,dc=example,dc=com" write
>         by self write
>         by * read
>
> access to dn=".*,ou=People,dc=example,dc=com"
>         by * read
>
> access to dn=".*,dc=example,dc=com"
>         by self write
>         by * read
>
> slapd.conf slave:
>
> access to dn=".*,dc=example,dc=com"
>         attrs=children
>         by dn="cn=replicator,dc=example,dc=com" write
>
> database ldbm
> suffix "dc=spmresorts,dc=com"
> rootdn "cn=root,dc=example,dc=com"
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided. See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> rootpw {CRYPT}a8trcz2h1g9QY
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd/tools. Mode 700 recommended.
> directory /var/lib/ldap
> #
> updatedn "cn=replicator,dc=example,dc=com"
>
> and the rest is the same as above.
>
> Any help would be greatly appreciated.
> Thanks, Swavek Hryniewicz.
>
> Ps. rootpw is the same in both of these files.
>
>
>
--
......................
..... Jason C. Leach
..
Current PGP/GPG Key ID: 43AD2024
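
A check for the mismatch discussed in this thread, added here as an example and not code from either poster or from OpenLDAP: it reads the master's `replica` directive and an LDIF export of the slave, then reports whether the `binddn` entry exists and whether its `{SSHA}` `userPassword` matches `credentials`. The function names, the 192.0.2.10 host and the sample data are assumptions; only `{SSHA}` hashes and unfolded LDIF lines are handled, and a `binddn` that is the slave's `rootdn` (checked against `rootpw`) is not covered.

```python
import base64, hashlib, hmac, re

def make_ssha(password, salt):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def ssha_matches(stored, password):
    """True if password matches a {SSHA} userPassword value."""
    if not stored.upper().startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])  # 20-byte SHA-1 digest followed by the salt
    return hmac.compare_digest(hashlib.sha1(password.encode() + raw[20:]).digest(), raw[:20])

def parse_replicas(conf):
    """Return the key=value pairs of each 'replica' directive in slapd.conf text."""
    logical = []
    for line in conf.splitlines():
        if line[:1] in (" ", "\t") and logical:  # leading whitespace continues a directive
            logical[-1] += " " + line.strip()
        elif not line.startswith("#"):
            logical.append(line.strip())
    pairs = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
    return [{k.lower(): q or u for k, q, u in pairs.findall(l)}
            for l in logical if l.lower().split()[:1] == ["replica"]]

def parse_ldif(ldif):
    """Map lowercased DN -> attributes; decodes 'attr:: base64', last value wins."""
    fields = re.compile(r"^([\w;-]+)(::?) (.*)$", re.M)
    blocks = ({k: base64.b64decode(v).decode() if s == "::" else v for k, s, v in fields.findall(b)}
              for b in re.split(r"\n\s*\n", ldif.strip()))
    return {a["dn"].lower(): a for a in blocks if "dn" in a}

def check_replica_binds(master_conf, slave_ldif):
    """Per replica: can binddn/credentials authenticate against the slave's entries?"""
    entries, report = parse_ldif(slave_ldif), []
    for r in parse_replicas(master_conf):
        entry = entries.get(r.get("binddn", "").lower())
        status = "ok"
        if entry is None:
            status = "binddn entry missing on slave"
        elif not ssha_matches(entry.get("userPassword", ""), r.get("credentials", "")):
            status = "userPassword missing or does not match credentials"
        report.append((r.get("binddn"), status))
    return report

# Constructed sample input: a master replica directive and the slave's replicator entry
SAMPLE_CONF = 'replica host=192.0.2.10:389\n    binddn="cn=replicator,dc=example,dc=com"\n    credentials=secret\n'
SAMPLE_LDIF = "dn: cn=replicator,dc=example,dc=com\nuserPassword: " + make_ssha("secret", b"salt")
```

Calling `check_replica_binds(SAMPLE_CONF, SAMPLE_LDIF)` returns one `(binddn, status)` pair per `replica` directive.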