
Re: syncrepl/sasl problems



Thanks, Howard

I updated my config files according to the 2.3 documentation, but I still have the same problem. Slapd starts without error on both the master and the slave, but when it runs syncrepl it complains about the SASL interactive bind that fails:

Here is my new master slapd.conf:
++++++++++++++++++++++++++++++++++++++++++

loglevel 256
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=tbiraq,dc=com"
rootdn "cn=Administrator,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


#Entries for replication using sync-repl

 
overlay syncprov
        syncprov-checkpoint 100 10
        syncprov-sessionlog 100
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

And the slave slapd.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

loglevel 256
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=tbiraq,dc=com"
rootdn "cn=replica,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


#Entries for replication using sync-repl

 syncrepl rid=123
                provider=ldap://ldap1.tbiraq.com
                type=refreshAndPersist
                #interval=01:00:00:00
                searchbase="dc=mydomain,dc=com"
                filter="(objectClass=organizationalPerson)"
                scope=sub
                attrs="cn,sn,ou,telephoneNumber,title,l"
                schemachecking=off
                #updatedn="cn=replica,dc=mydomain,dc=com"
                bindmethod=sasl
                #saslmech=digest-md5
                binddn="cn=Administrator,dc=mydomain,dc=com"
                credentials="{ssha}mypassword"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++


This is the /var/log/messages on the master:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 fd=16 ACCEPT from IP= 192.168.2.246:14230 (IP=0.0.0.0:389)
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=0 SRCH attr=supportedSASLMechanisms
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=1 UNBIND
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 fd=16 closed

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

And /var/log/messages on the slave:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Nov 15 14:22:29 ldap2 slapd[10667]: slapd starting
Nov 15 14:22:29 ldap2 slapd[10667]: do_syncrep1: ldap_sasl_interactive_bind_s failed (16)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


So even with the updated syntax, it seems that my problem has to do with sasl?

Thanks in advance

Lawrence

On 14/11/2007, Howard Chu <hyc@symas.com> wrote:
Lawrence Strydom wrote:
> Hi List,
>
> I need to configure a master and slave ldap server with replication. I
> am running openSUSE10.2 and openldap2-2.3.27-25. Initially I was using
> slurpd but syncrepl was recommended to me as being more agreeable with
> my ldap version.
>
> I configured my master and slave according to the instructions from the
> openldap web site:
> http://www.openldap.org/doc/admin22/syncrepl.html

You're reading the OpenLDAP 2.2 Admin Guide but you're running OpenLDAP 2.3.
You really need to use the documentation that matches the version of software
you're using.

The configurations you have here are invalid.

> Here is the slave slapd.conf:

> And here is my master slapd.conf


--
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/
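
Added example, not part of the original thread and not OpenLDAP code: a small Python check of a consumer's `syncrepl` bind settings, run over a constructed copy of the slave stanza posted above. The function names and finding codes are hypothetical; the rules it encodes are that slapd.conf(5) requires `saslmech` with `bindmethod=sasl`, that SASL identities are given with `authcid` while `binddn` is the simple-bind identity, that `credentials` is the secret sent on the wire rather than a `{SCHEME}` hash, and that `searchbase` should fall under the database `suffix`.

```python
import re
import shlex

# Constructed sample: the replica's syncrepl stanza from the post, minus its commented-out lines.
SUFFIX = "dc=tbiraq,dc=com"
STANZA = """
syncrepl rid=123
    provider=ldap://ldap1.tbiraq.com
    type=refreshAndPersist
    searchbase="dc=mydomain,dc=com"
    filter="(objectClass=organizationalPerson)"
    scope=sub
    attrs="cn,sn,ou,telephoneNumber,title,l"
    schemachecking=off
    bindmethod=sasl
    binddn="cn=Administrator,dc=mydomain,dc=com"
    credentials="{ssha}mypassword"
"""

def parse_syncrepl(text):
    """Split one syncrepl directive into a dict of its key=value arguments."""
    lines = [l for l in text.splitlines() if not l.strip().startswith("#")]
    tokens = shlex.split(" ".join(lines))
    if not tokens or tokens[0].lower() != "syncrepl":
        raise ValueError("expected a syncrepl directive")
    return {t.partition("=")[0].lower(): t.partition("=")[2] for t in tokens[1:]}

def norm_dn(dn):
    # Simplified DN normalisation: lower-case, no spaces around RDN separators.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_syncrepl(args, suffix):
    """Return (code, message) findings for the bind settings of a consumer."""
    out = []
    method = args.get("bindmethod", "").lower()
    if method == "sasl" and "saslmech" not in args:
        out.append(("sasl-no-mech", "bindmethod=sasl requires saslmech"))
    if method == "sasl" and "binddn" in args and "authcid" not in args:
        out.append(("sasl-binddn", "binddn is the simple-bind identity; SASL uses authcid"))
    if re.match(r"\{[A-Za-z0-9-]+\}", args.get("credentials", "")):
        out.append(("hashed-credentials", "credentials must be the secret itself, not a {SCHEME} hash"))
    base, sfx = norm_dn(args.get("searchbase", "")), norm_dn(suffix)
    if base and base != sfx and not base.endswith("," + sfx):
        out.append(("base-outside-suffix", f"searchbase {base} is not under suffix {sfx}"))
    return out

if __name__ == "__main__":
    for code, message in check_syncrepl(parse_syncrepl(STANZA), SUFFIX):
        print(f"{code}: {message}")
```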