[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: replication security

To: <jhalfpenny@excite.com>, <OpenLDAP-software@OpenLDAP.org>
Subject: RE: replication security
From: "Ran Li" <Ran.Li@sprint-canada.com>
Date: Thu, 10 Nov 2005 13:34:15 -0500
Content-class: urn:content-classes:message
Thread-index: AcXmE35jVwHTbL/pQCSUEc3gYP3sSAAD++PA
Thread-topic: replication security

the question was not what binddn or password you are using for
master/slave, the question is ... is this binddn ... "ldap manager
account" (at the master end) the rootdn of your slave server?

do you have the line 
rootdn          "cn=Manager,dc=my,dc=local"
in your slave slapd.conf file

if this is the case, please refer to

http://www.openldap.org/doc/admin23/replication.html

section 14.4.1. Set up the master slapd

also, Buchan 's message explained everything.

Regards,

Ran


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of John
Halfpenny
Sent: Thursday, November 10, 2005 10:44 AM
To: OpenLDAP-software@OpenLDAP.org
Subject: RE: replication security



hi ran, 

i'm using the ldap manager account for replication at the master end,
shouldn't i be doing that? the passwords are the same at both ends for
that account...

replica host=slave.my.local:389  binddn="cn=Manager,dc=my,dc=local"


 --- On Wed 11/09, Ran Li < Ran.Li@sprint-canada.com > wrote:
From: Ran Li [mailto: Ran.Li@sprint-canada.com]
To: jhalfpenny@excite.com, OpenLDAP-software@OpenLDAP.org
Date: Wed, 9 Nov 2005 16:12:13 -0500
Subject: RE: replication security

just a thought, the problem you could not update could be you use
the<br>rootdn of slave as updatedn.<br><br><br>-----Original
Message-----<br>From:
owner-openldap-software@OpenLDAP.org<br>[mailto:owner-openldap-software@
OpenLDAP.org] On Behalf Of John<br>Halfpenny<br>Sent: Wednesday,
November 09, 2005 7:05 AM<br>To:
OpenLDAP-software@OpenLDAP.org<br>Subject: replication
security<br><br><br><br>hi everybody,<br><br>i have a couple of small
questions regarding my openldap replication<br>setup, if anyone knows
the answers i would appreciate it enormously :-)<br><br>if i run with a
cleartext password for the updatedn, and turn off<br>readonly on the
slave, all works well, i.e.<br><br>master-<br><br>replica
host=master.my.local:389  binddn="cn=Manager,dc=my,dc=local"<br>
bindmethod=simple credentials=mypass<br>
syncrepl<br><br>slave-<br><br>updatedn "cn=Manager,dc=my,dc=local"<br>
referral ldap://master.my.local<br><br>but i have read that the slave
should really be readonly, ye!  t 
when i add<br><br> readonly on<br><br>to the slave configuration, it
won't allow me to update!<br><br>my other query regards the {SSHA}
password option used by the master to<br>bind to the slave, as i can't
get this going either. i.e.<br><br>master-<br><br> bindmethod=simple
credentials={SSHA}dfsEWF4fw4wrqdsFSD<br><br>does this hashed manager
password need to be generated on the slave or<br>the master? or should
either suffice?<br><br>thank you very much in advance for any
guidance!<br><br>john<br><br>___________________________________________
____<br>Join Excite! - http://www.excite.com<br>The most personalized
portal on the Web!<br>

_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

Prev by Date: Re: Ref : Re: openldap-server-2.2.29: multimaster support
Next by Date: Re: ADD from MIIS causes slapd crashes
Index(es):
- Chronological
- Thread