
Re: Slurpd replication with sasl gssapi



On Wed, 2004-10-06 at 19:40, Matthijs Mohlmann wrote:
> Hi,
> 
> I'm trying to get my slave working but it won't work.
> 
> On the slave I have my updatedn on:
> uid=repli,dc=cacholong,dc=nl
> 
> This uid is in the ldap database on both servers.
> 
> I have my sasl-regexp on the following:
> uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth
> ldap://uid=$1,dc=cacholong,dc=nl
> 
> On the master I have this in my replica configuration item:
> replica         uri=ldap://tux.cacholong.nl:389
>                 binddn="uid=repli,dc=cacholong,dc=nl"
>                 bindmethod=sasl saslmech=GSSAPI
> 
> But I can't get slurpd to work with GSSAPI / SASL.
> 
> GSSAPI itself is working: with my ticket I can do everything, like
> ldapsearch, ldapadd and so on. But I think I'm missing a part, and I
> can't find it. Does the slave server know about the replication service
> ticket (repli@CACHOLONG.NL)? When I do the following commands without a
> ticket I get the error "LDAP SASL for tux.cacholong.nl:389 failed: Local
> error", so the SASL GSSAPI stuff works.
> 
> When I now do the following command:
> server:/var/spool/slurpd/replica# slurpd -d 4 -o -r
> /var/spool/slurpd/replica/slurpd.replog
> @(#) $OpenLDAP: slurpd 2.1.30 (Jul 27 2004 08:06:46) $
>        
> @euklid:/home/roland/debian/openldap/build/2.1.30/openldap2-2.1.30/debian/build/servers/slurpd
> 
> No status file found, defaulting values
> Processing in one-shot mode:
> 1 total replication records in file,
> 1 replication records to process.
> begin replication thread for tux.cacholong.nl:389
> Initializing session to ldap://tux.cacholong.nl:389
> bind to tux.cacholong.nl as - via GSSAPI (SASL)
> request 1 done
> request 2 done
> request 3 done
> replica tux.cacholong.nl:389 - add dn "uid=blaat,dc=cacholong,dc=nl"
> Error: ldap_add_s failed adding "": uid=blaat,dc=cacholong,dc=nl
> Error: ldap operation failed, data written to
> "/var/spool/slurpd/replica/tux.cacholong.nl:389.rej"
> end replication thread for tux.cacholong.nl:389
> slurpd: terminated.
> 
> I start my slave server with:
> slapd -d 4 <- so I can debug some things, and I get this:
> 
> And then I get the following:
> connection_get(10)
> ==> sasl_bind: dn="uid=repli,dc=cacholong,dc=nl" mech=GSSAPI datalen=529
> connection_get(10)
> ==> sasl_bind: dn="uid=repli,dc=cacholong,dc=nl" mech=<continuing>
> datalen=0
> connection_get(10)
> ==> sasl_bind: dn="uid=repli,dc=cacholong,dc=nl" mech=<continuing>
> datalen=65
> SASL Canonicalize [conn=0]: authcid="repli"
> slap_sasl_getdn: id=repli [len=5]
> SASL Canonicalize [conn=0]:
> authcDN="uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth"
> SASL Authorize [conn=0]: authcid="repli@CACHOLONG.NL"
> authzid="repli@CACHOLONG.NL"
> connection_get(10)
> do_add: dn (uid=blaat,dc=cacholong,dc=nl)
> send_ldap_result: err=10 matched="" text=""
> send_ldap_result:
> referral="ldap://server.cacholong.nl/uid=blaat,dc=cacholong,dc=nl";
> send_ldap_response:
> ref="ldap://server.cacholong.nl/uid=blaat,dc=cacholong,dc=nl";
> connection_get(10)
> 
> Well, I hope you can point me to something...
> 
Well, my replication finally works, but I now have this in my updatedn:
updatedn        uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth

The problem is the sasl-regexp. Can someone point out what's wrong?
uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth
ldap://uid=$1,dc=cacholong,dc=nl
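
Added example (not part of the original post and not OpenLDAP code): a small Python model that applies the posted sasl-regexp to the authcDN from the slapd log, splits the result with the generic ldap://host:port/dn layout, and compares the outcome with the updatedn. The three-slash replacement, the fallback in resolve() (chosen to match the report that replication works when updatedn is the cn=auth DN) and the DN normalisation are assumptions of this sketch.

```python
import re
from urllib.parse import urlsplit

# Values copied from the post above.
AUTHC_DN = "uid=repli,cn=cacholong.nl,cn=gssapi,cn=auth"
PATTERN = r"uid=(.*),cn=cacholong.nl,cn=gssapi,cn=auth"
POSTED = "ldap://uid=$1,dc=cacholong,dc=nl"
UPDATEDN = "uid=repli,dc=cacholong,dc=nl"
# Constructed for comparison: same rule with an empty host part (three slashes).
EMPTY_HOST = "ldap:///uid=$1,dc=cacholong,dc=nl"


def apply_rule(authc_dn, pattern, replacement):
    """Expand $1..$9 from a whole-string, case-insensitive match (simplified)."""
    m = re.fullmatch(pattern, authc_dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)


def split_ldap_url(url):
    """Split ldap://host:port/dn into (host, dn)."""
    parts = urlsplit(url)
    return parts.netloc, parts.path.lstrip("/")


def resolve(authc_dn, pattern, replacement):
    """Assumed model: use the mapped DN only when the URL has an empty host
    and a non-empty DN; otherwise the identity stays the cn=auth DN."""
    rewritten = apply_rule(authc_dn, pattern, replacement)
    if rewritten is None:
        return authc_dn
    host, dn = split_ldap_url(rewritten)
    return dn if dn and not host else authc_dn


def is_updatedn(bound_dn, updatedn):
    """Simplified DN comparison: ignore case and spaces around commas."""
    def norm(dn):
        return re.sub(r"\s*,\s*", ",", dn.strip()).lower()
    return norm(bound_dn) == norm(updatedn)


if __name__ == "__main__":
    for name, repl in (("posted", POSTED), ("empty host", EMPTY_HOST)):
        host, dn = split_ldap_url(apply_rule(AUTHC_DN, PATTERN, repl))
        bound = resolve(AUTHC_DN, PATTERN, repl)
        print(f"{name}: host={host!r} dn={dn!r} bound={bound!r} "
              f"updatedn match={is_updatedn(bound, UPDATEDN)}")
```

With the posted replacement the DN text occupies the host position of the URL and the DN part is empty; with an empty host part the mapped DN equals the updatedn from the original configuration.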