
Slurpd replication with sasl gssapi



Hi,

I'm trying to get my slave working but it won't work.

On the slave I have my updatedn set to:
uid=repli,dc=cacholong,dc=nl

This uid is in the ldap database on both servers.

I have my sasl-regexp set to the following:
uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth
ldap://uid=$1,dc=cacholong,dc=nl

On the master I have this in my replica configuration item:
replica         uri=ldap://tux.cacholong.nl:389
                binddn="uid=repli,dc=cacholong,dc=nl"
                bindmethod=sasl saslmech=GSSAPI

But I can't get slurpd to work with GSSAPI / SASL.

GSSAPI itself is working: with my ticket I can do everything, like
ldapsearch, ldapadd and so on. But I think I'm missing a part, and I
can't find it. Does the slave server know about the replication service
ticket (repli@CACHOLONG.NL)? When I do the following commands without a
ticket I get the error "LDAP SASL for tux.cacholong.nl:389 failed: Local
error". So the SASL GSSAPI stuff works.

When I now do the following command:
server:/var/spool/slurpd/replica# slurpd -d 4 -o -r /var/spool/slurpd/replica/slurpd.replog
@(#) $OpenLDAP: slurpd 2.1.30 (Jul 27 2004 08:06:46) $
       
@euklid:/home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/debian/build/servers/slurpd

No status file found, defaulting values
Processing in one-shot mode:
1 total replication records in file,
1 replication records to process.
begin replication thread for tux.cacholong.nl:389
Initializing session to ldap://tux.cacholong.nl:389
bind to tux.cacholong.nl as - via GSSAPI (SASL)
request 1 done
request 2 done
request 3 done
replica tux.cacholong.nl:389 - add dn "uid=blaat,dc=cacholong,dc=nl"
Error: ldap_add_s failed adding "": uid=blaat,dc=cacholong,dc=nl
Error: ldap operation failed, data written to
"/var/spool/slurpd/replica/tux.cacholong.nl:389.rej"
end replication thread for tux.cacholong.nl:389
slurpd: terminated.

I start my slave server with:
slapd -d 4 <- so I can debug some things

And then I get the following:
connection_get(10)
==> sasl_bind: dn="uid=repli,dc=cacholong,dc=nl" mech=GSSAPI datalen=529
connection_get(10)
==> sasl_bind: dn="uid=repli,dc=cacholong,dc=nl" mech=<continuing>
datalen=0
connection_get(10)
==> sasl_bind: dn="uid=repli,dc=cacholong,dc=nl" mech=<continuing>
datalen=65
SASL Canonicalize [conn=0]: authcid="repli"
slap_sasl_getdn: id=repli [len=5]
SASL Canonicalize [conn=0]:
authcDN="uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth"
SASL Authorize [conn=0]: authcid="repli@CACHOLONG.NL"
authzid="repli@CACHOLONG.NL"
connection_get(10)
do_add: dn (uid=blaat,dc=cacholong,dc=nl)
send_ldap_result: err=10 matched="" text=""
send_ldap_result:
referral="ldap://server.cacholong.nl/uid=blaat,dc=cacholong,dc=nl";
send_ldap_response:
ref="ldap://server.cacholong.nl/uid=blaat,dc=cacholong,dc=nl";
connection_get(10)

Well, I hope you can point me to something...
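
Added example, not part of the original message and not OpenLDAP code: a small Python check that applies the posted sasl-regexp rule to the authcDN from the slave's log, splits the result the way RFC 4516 LDAP URL syntax does (host before the third slash, DN after it), and compares it with the posted updatedn. The function names are hypothetical, and Python's re module stands in for slapd's regex engine.

```python
import re
from urllib.parse import urlsplit

# Values copied from the post.
SASL_REGEXP = r"uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth"
REPLACEMENT = "ldap://uid=$1,dc=cacholong,dc=nl"
UPDATEDN = "uid=repli,dc=cacholong,dc=nl"
# Excerpt of the slave's "slapd -d 4" output from the post.
SLAVE_LOG = '''SASL Canonicalize [conn=0]:
authcDN="uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth"
do_add: dn (uid=blaat,dc=cacholong,dc=nl)
send_ldap_result: err=10 matched="" text=""
'''

def map_authc_dn(authc_dn, pattern=SASL_REGEXP, replacement=REPLACEMENT):
    """Apply a sasl-regexp style rule; $N is the N-th captured group.
    Assumption: Python's re approximates slapd's regex matching."""
    m = re.fullmatch(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)

def split_target(target):
    """Return (host, dn). A plain DN has host None; an ldap:// URL is split
    per RFC 4516: ldap://host/dn, so the DN only starts after a third slash."""
    if not target.lower().startswith("ldap://"):
        return None, target
    parts = urlsplit(target)
    return parts.netloc, parts.path.lstrip("/")

def diagnose(log, updatedn=UPDATEDN):
    """Summarise what the slave saw for one bind followed by one write."""
    authc_dn = re.search(r'authcDN="([^"]+)"', log).group(1)
    err = int(re.search(r"send_ldap_result: err=(\d+)", log).group(1))
    mapped = map_authc_dn(authc_dn)
    host, dn = split_target(mapped) if mapped else (None, "")
    return {
        "authcDN": authc_dn,
        "mapped": mapped,
        "url_host": host,          # text sitting in the URL's host position
        "url_dn": dn,              # DN part of the mapped value
        "is_updatedn": dn.lower() == updatedn.lower(),
        "referral": err == 10,     # LDAP result code 10 is "referral"
    }

if __name__ == "__main__":
    for key, value in diagnose(SLAVE_LOG).items():
        print(f"{key:12} {value!r}")
```

A slave answers a write with a referral to the master when the bound identity is not its updatedn, so is_updatedn and referral are the two fields to read together; slapd.conf(5) for the installed version is the reference for which replacement forms sasl-regexp accepts.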