
Re: Syncrepl : Authentication issue



On Thursday, 26 November 2009 16:35:00 smainklh@free.fr wrote:
> Hello guys,
>
> I'm running into an issue when configuring LDAP replication.
> The synchronisation account doesn't authenticate with the provider.
>
> Here are my configuration files:
>
> /etc/ldap/slapd.conf (provider):
> -----------------------
> moduleload      syncprov
> database        bdb
> overlay syncprov
> syncprov-checkpoint 100 10
> syncprov-sessionlog 100
>
> index           objectClass,entryCSN,entryUUID eq
>
> /etc/ldap/slapd.conf (consumer):
> --------------------------
> Syncrepl       rid=666
>                provider=ldaps://provider.domain.tld:636/
>                type=refreshOnly
>                retry="60 10 600 +"
>                interval=00:00:30:00
>                searchbase="dc=domain,dc=tld"
>                scope=sub
>                schemachecking=on
>                bindmethod=simple
>                binddn="cn=syncrepluser,dc=domain,dc=tld"
>                credentials=secret
>
> Errors below:
> From consumer
>
> ------------
> slap_client_connect: URI=ldaps://provider.domain.tld:636/ DN="cn=syncrepluser,dc=domain,dc=tld" ldap_sasl_bind_s failed (49)
> do_syncrepl: rid=666 retrying (9 retries left)
>
> From provider
>
> ------------
> Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3 dn="cn=syncrepluser,dc=domain,dc=tld" method=128
> Nov 26 15:28:47 provider slapd[2514]: bdb_dn2entry("cn=syncrepluser,dc=domain,dc=tld")
> Nov 26 15:28:47 provider slapd[2514]: => bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld")
> Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)

The DN you specified doesn't seem to exist.

> Nov 26 15:28:47 provider slapd[2514]: send_ldap_result: conn=3 op=0 p=3
> Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
> Nov 26 15:28:47 provider slapd[2514]: connection_get(14): got connid=3
> Nov 26 15:28:47 provider slapd[2514]: connection_read(14): checking for input on id=3
> Nov 26 15:28:47 provider slapd[2514]: ber_get_next on fd 14 failed errno=0 (Success)
> Nov 26 15:28:47 provider slapd[2514]: connection_closing: readying conn=3 sd=14 for close
> Nov 26 15:28:47 provider slapd[2514]: connection_close: deferring conn=3 sd=14
> Nov 26 15:28:47 provider slapd[2514]: conn=3 op=1 do_unbind
> Nov 26 15:28:47 provider slapd[2514]: connection_resched: attempting closing conn=3 sd=14
> Nov 26 15:28:47 provider slapd[2514]: connection_close: conn=3 sd=14
>
>
> Do i have to create an account in the ldap tree?

Syncrepl performs an LDAP search against the provider. As with any LDAP 
search, it needs to perform a bind as an identity that has sufficient access to 
retrieve the data it needs to replicate the directory content. You could 
either use the rootdn on the provider (not recommended), or anonymous access 
(not recommended) against a totally unsecured provider, or you need to use a DN 
that has been granted sufficient access.

See for example: 
http://www.openldap.org/doc/admin24/replication.html#Set%20up%20the%20consumer%20slapd

(unfortunately, the preceding section doesn't show the access controls 
mentioned, nor the creation of the DN)

> Is there a problem using SSL?

A problem with SSL wouldn't give you an "invalid credentials" error.

Regards,
Buchan
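What the reply above describes, carried through as a worked example (this is an added example for this page, not code from the original poster, from Buchan, or from the OpenLDAP project): create the replication identity the consumer binds as, grant it read access on the provider, and prove the bind works with the command-line tools before syncrepl is pointed at it. The rootdn cn=admin,dc=domain,dc=tld, the "by users read / by * none" policy and the password-file handling are assumptions; the replication DN and the provider URI are the ones from the thread.

```shell
#!/bin/sh
# Added example for this thread, not the original poster's or OpenLDAP's
# own code.  It creates the replication identity on the provider, prints
# the slapd.conf access lines that grant it read access, and proves the
# bind works before syncrepl is pointed at it.
#
# Assumptions (none of these appear in the thread): the provider's rootdn
# is cn=admin,dc=domain,dc=tld, the consumer's binddn/credentials match
# REPL_DN and the password you enter, and ldapadd/ldapwhoami/ldapsearch
# are the OpenLDAP 2.4 client tools.

PROVIDER_URI="ldaps://provider.domain.tld:636/"
SUFFIX="dc=domain,dc=tld"
ROOTDN="cn=admin,${SUFFIX}"           # assumed rootdn
REPL_DN="cn=syncrepluser,${SUFFIX}"   # must equal the consumer's binddn

# LDIF for the replication account.  $1 is the already-hashed password
# (the output of slappasswd) so that the cleartext never lands in a file
# or in the process list.
syncrepl_user_ldif() {
    cat <<EOF
dn: ${REPL_DN}
objectClass: organizationalRole
objectClass: simpleSecurityObject
cn: syncrepluser
description: bind identity used by the syncrepl consumer
userPassword: $1
EOF
}

# slapd.conf lines for the provider's "database bdb" section.  Two things
# are easy to get wrong: the attrs=userPassword clause must come before the
# catch-all (the first matching "access to" wins), and the replication DN
# needs a "limits" exemption or a full refresh of a large tree is cut off
# by the default sizelimit.  "by users read / by * none" is an assumed
# policy; keep "by * read" if anonymous clients must keep working.
syncrepl_acl_conf() {
    cat <<EOF
access to attrs=userPassword
        by dn.exact="${REPL_DN}" read
        by anonymous auth
        by self write
        by * none
access to *
        by dn.exact="${REPL_DN}" read
        by users read
        by * none
limits dn.exact="${REPL_DN}" size=unlimited time=unlimited
EOF
}

# Reproduce what the consumer does, by hand: a simple bind as REPL_DN over
# ldaps, then a subtree search of the suffix.  $1 is a file holding the
# cleartext password (mode 0600).  A wrong or missing DN fails the first
# step with "Invalid credentials (49)", exactly the error in the thread; a
# TLS problem fails earlier with "Can't contact LDAP server (-1)".
check_replication_identity() {
    ldapwhoami -x -H "${PROVIDER_URI}" -D "${REPL_DN}" -y "$1" || return 1
    ldapsearch -x -H "${PROVIDER_URI}" -D "${REPL_DN}" -y "$1" \
        -b "${SUFFIX}" -s sub '(objectClass=*)' 1.1 >/dev/null
}

# Usage: sh this.sh setup    (prompts for the new password, then rootdn's)
#        sh this.sh check /path/to/passwordfile
case "${1:-}" in
    setup)
        hashed=$(slappasswd)                       # prompts, emits {SSHA}...
        syncrepl_user_ldif "${hashed}" |
            ldapadd -x -H "${PROVIDER_URI}" -D "${ROOTDN}" -W
        echo "Now add these lines to the provider's slapd.conf and restart slapd:"
        syncrepl_acl_conf
        ;;
    check)
        check_replication_identity "$2" && echo "replication identity OK"
        ;;
esac
```

Run "setup" once on the provider, add the printed access and limits lines to its slapd.conf, restart slapd, then run "check" from the consumer host: if ldapwhoami succeeds and the search returns, the syncrepl directive in the thread will bind. Two caveats the thread does not mention: the consumer's credentials= value sits in cleartext in its slapd.conf, so that file must be readable by the slapd user only; and with an ldaps:// provider the consumer should verify the provider's certificate (tls_reqcert=demand together with tls_cacert= in the syncrepl directive), otherwise it will send those credentials to whatever answers on port 636.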