[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication with Open LDAP

To: jools@oss4all.plus.com
Subject: Re: Replication with Open LDAP
From: "matthew sporleder" <msporleder@gmail.com>
Date: Thu, 5 Apr 2007 13:29:43 -0400
Cc: openldap-software@openldap.org
Content-disposition: inline
In-reply-to: <9682515e0bb630b8b14e0e5595747459@webmail.plus.net>
References: <9682515e0bb630b8b14e0e5595747459@webmail.plus.net>

On 4/5/07, Jools <jools@oss4all.plus.com> wrote:

Hi All,

I'm half way through implementing and LDAP Master/Slave setup and have ground to
a halt on replication.

I have LDAP working fine on the master and Samba works fine with it but I can't
get the slurpd to push changes to the slave.

When I try I get the following:

Apr  5 15:15:37 smb7 slapd[5578]: fd=16 DENIED from unknown (172.20.0.105)


I have the following in slapd.conf on the master:

replica host=172.20.0.107:389

binddn="cn=Replicator,dc=People,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
                bindmethod=simple credentials=??????????? (omitted for obvious
reasons)

and this on the slave:

# Replicas running syncrepl as non-rootdn
"cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
limits group="cn=Replicator,dc=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
 size=unlimited
 time=unlimited

# ACL ensuring replicator has write access
access to *
       by group="cn=Replicator,ou=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write
       by * read

# Replica configuration (if this server is a slave)
updatedn        "cn=Replicator,dc=People,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
updateref       "ldap://172.20.0.105";


Your updatedn doesn't match your ACL.

Can you try some stuff with
cn=Replicator,ou=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk directly
with ldapmodify first?  And then change the updatedn or acl
accordingly.

Maybe you should try using access to * by dn.exact="" write instead of group="".

Also:

# Replicas running syncrepl as non-rootdn
"cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
limits group="cn=Replicator,dc=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk"
 size=unlimited
 time=unlimited


You're not using syncrepl (at least, you seem to want to use slurpd),
so that's a little confusing.
And I'm also not sure if this 'limits' is going to work for the same
reasons I'm not sure about the acl.

fyi- slurpd is getting deprecated in 2.5 or something.

_Matt

Follow-Ups:
- Re: Replication with Open LDAP
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Replication with Open LDAP
  - From: Jools <jools@oss4all.plus.com>

Prev by Date: RE: LDIF format question for Openldap-2.3.27
Next by Date: Re: Replication with Open LDAP
Index(es):
- Chronological
- Thread