
RE: replication security



hi ran, 

i'm using the ldap manager account for replication at the master end, shouldn't i be doing that? the passwords are the same at both ends for that account...

replica host=slave.my.local:389
 binddn="cn=Manager,dc=my,dc=local"


 --- On Wed 11/09, Ran Li < Ran.Li@sprint-canada.com > wrote:
From: Ran Li [mailto: Ran.Li@sprint-canada.com]
To: jhalfpenny@excite.com, OpenLDAP-software@OpenLDAP.org
Date: Wed, 9 Nov 2005 16:12:13 -0500
Subject: RE: replication security

just a thought, the problem you could not update could be you use the
rootdn of slave as updatedn.

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of John
Halfpenny
Sent: Wednesday, November 09, 2005 7:05 AM
To: OpenLDAP-software@OpenLDAP.org
Subject: replication security

hi everybody,

i have a couple of small questions regarding my openldap replication
setup, if anyone knows the answers i would appreciate it enormously :-)

if i run with a cleartext password for the updatedn, and turn off
readonly on the slave, all works well, i.e.

master-

replica host=master.my.local:389  binddn="cn=Manager,dc=my,dc=local"
 bindmethod=simple credentials=mypass
 syncrepl

slave-

updatedn "cn=Manager,dc=my,dc=local"
 referral ldap://master.my.local

but i have read that the slave should really be readonly, yet when i add

 readonly on

to the slave configuration, it won't allow me to update!

my other query regards the {SSHA} password option used by the master to
bind to the slave, as i can't get this going either. i.e.

master-

 bindmethod=simple credentials={SSHA}dfsEWF4fw4wrqdsFSD

does this hashed manager password need to be generated on the slave or
the master? or should either suffice?

thank you very much in advance for any guidance!

john

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

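
Added example (not part of the original thread, and not OpenLDAP project code): a small Python check for the two configuration points discussed above, an updatedn that is the same DN as the slave's rootdn, and a {SCHEME}-prefixed hash given as credentials in a replica directive. With bindmethod=simple the credentials value is sent as the password itself, so the receiving server compares that literal string, not the password it was derived from. The config fragments are constructed and the function names are hypothetical.

```python
import re

# Constructed slapd.conf fragments for illustration (not from the original post).
SLAVE_CONF = '''
rootdn "cn=Manager,dc=my,dc=local"
updatedn "cn=Manager, dc=my, dc=local"
'''
MASTER_CONF = '''
replica host=slave.my.local:389
 binddn="cn=Manager,dc=my,dc=local"
 bindmethod=simple credentials={SSHA}EXAMPLEHASHVALUE
'''

def directives(conf):
    """Join slapd.conf continuation lines (leading whitespace) into whole directives."""
    out = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def norm_dn(dn):
    """Loose DN normalisation for comparison: drop quotes, case and comma spacing."""
    return re.sub(r"\s*,\s*", ",", dn.strip().strip('"').lower())

def check_slave(conf):
    """Flag an updatedn that is the same DN as rootdn."""
    vals = {}
    for d in directives(conf):
        key, rest = (d.split(None, 1) + [""])[:2]
        if key.lower() in ("rootdn", "updatedn"):
            vals[key.lower()] = norm_dn(rest)
    same = "updatedn" in vals and vals["updatedn"] == vals.get("rootdn")
    return ["updatedn is the same DN as rootdn"] if same else []

def check_master(conf):
    """Flag replica directives whose credentials value looks like a {SCHEME} hash."""
    findings = []
    for d in directives(conf):
        if d.lower().startswith("replica "):
            opts = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', d))
            cred = opts.get("credentials", "").strip('"')
            if re.match(r"\{[A-Za-z0-9-]+\}", cred):
                findings.append("hashed credentials for " + opts.get("host", "?"))
    return findings

if __name__ == "__main__":
    print(check_slave(SLAVE_CONF) + check_master(MASTER_CONF))
```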