
Syncrepl - ldap_bind: Invalid credentials error



I'm receiving the following error on my consumer, which is running with logging enabled via -d stats + args + trace + sync 2> /var/log/ldap:

 

@(#) $OpenLDAP: slapd 2.4.22 (May 21 2010 12:10:42) $

        @cambridge:/usr/local/openldap-2.4.22/servers/slapd

slapd starting

slap_client_connect: URI=ldap://oxford.unix1.city.ac.uk:389 DN="cn=replicator,dc=city,dc=ac,dc=uk" ldap_sasl_bind_s failed (49)

 

 

I can see from the documentation that my consumer is not authenticating to my provider, but I can't see what the cause of the error is. If any other information would help, please let me know.

 

I have created the replicator uid entry, and I ran the search below with the 'access to attrs=userPassword' line commented out on the provider, to confirm that replicator's userPassword is the clear-text value 'secret'. The same search also succeeds when run from the consumer.

 

ldapsearch -x -b dc=city,dc=ac,dc=uk uid=replicator

version: 1

dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk

objectClass: person

objectClass: posixAccount

objectClass: inetOrgPerson

sn: replicator

cn: replicator

uid: replicator

uidNumber: 22258

gidNumber: 22258

homeDirectory: /export/home/replicator

userPassword: secret

displayName: replicator

mail: None

labeledURI: None

description: openLDAP replication id

 

 

Consumer ldap.conf:

 

# Consumer side: main database, its ACLs and the syncrepl consumer definition, as posted.
database        bdb

suffix          "dc=city,dc=ac,dc=uk"

rootdn          "cn=DSAmgr,dc=city,dc=ac,dc=uk"

rootpw         {CRYPT}*******

directory       /var/opt/csw/openldap-data     

index   default         pres,eq,sub

index   objectClass     eq

index   cn

index   sn

index   uid

# userPassword may be used for binding only (auth); nobody can read it back.
access to attrs=userPassword

        by anonymous auth

        by * none

 

# Everything else on this consumer is readable by anyone, including anonymous.
access to * by * read

index entryUUID eq

# NOTE(review): the binddn below is cn=replicator,dc=city,dc=ac,dc=uk, but the entry
# returned by the ldapsearch above is uid=replicator,ou=users,dc=city,dc=ac,dc=uk.
# A simple bind to a DN that does not exist is rejected with result 49 (invalid
# credentials), which matches the slap_client_connect line in the log -- confirm which
# DN is intended, and keep the provider's ACL and limits entries for it in step.
# The credentials value is the clear-text replication password (the same value the
# replicator entry shows). With syncdata=accesslog / logbase="cn=accesslog" this is
# delta-syncrepl, so the bind DN must also be able to read cn=accesslog on the provider.
syncrepl  rid=0

               provider=ldap://oxford.unix1.city.ac.uk:389

               bindmethod=simple

               binddn="cn=replicator,dc=city,dc=ac,dc=uk"

               credentials=secret

               searchbase="dc=city,dc=ac,dc=uk"

               logbase="cn=accesslog"

               logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"

               schemachecking=on

               type=refreshAndPersist

               retry="60 +"

               syncdata=accesslog

# Write requests arriving at this consumer are referred to the provider.
updateref               ldap://oxford.unix1.city.ac.uk

database monitor

 

Provider ldap.conf:

# Provider side: main database for dc=city,dc=ac,dc=uk with its ACLs, as posted.
database        bdb

suffix          "dc=city,dc=ac,dc=uk"

rootdn          "cn=DSAmgr,dc=city,dc=ac,dc=uk"

rootpw         {CRYPT}aZmvWMwFgg.vk

 

directory       /var/opt/csw/openldap-data     

index   default         pres,eq,sub

index   objectClass     eq

index   cn

index   sn

index   uid

# This first ACL matches every entry and attribute: the replicator DN gets read on
# all of it (userPassword included, because this clause comes before the one below),
# and every other requester falls through ("break") to the later access directives.
# NOTE(review): the DN here is cn=replicator,dc=city,dc=ac,dc=uk, while the entry
# shown by ldapsearch is uid=replicator,ou=users,dc=city,dc=ac,dc=uk -- keep it
# consistent with whatever DN the consumer finally binds as.
access to *

        by dn.base="cn=replicator,dc=city,dc=ac,dc=uk" read

        by * break

 

# Anyone may use userPassword to authenticate; nobody else may read it.
access to attrs=userPassword

       by anonymous auth

       by * none

 

# Everything else is world-readable.
access to *

        by * read

 

# Module loading. NOTE(review): modulepath/moduleload are global slapd.conf directives
# normally placed before the first "database" line, but here they follow the dc=city
# database above. The log shows slapd starting, so back_bdb is presumably built in
# rather than loaded here -- confirm that the accesslog and syncprov overlays are
# actually loaded.
modulepath /usr/local/openldap-2.4.22

moduleload back_bdb.la

moduleload accesslog.la

moduleload syncprov.la

# Accesslog database (the delta-syncrepl change log). As posted it has no rootpw and
# no access directives of its own, so the consumer's bind DN reading it relies on
# slapd's default ACL -- verify that the replicator can read cn=accesslog.
database bdb

suffix cn=accesslog

directory /var/opt/csw/accesslog

rootdn cn=accesslog

index default eq

index objectClass,reqEnd,reqResult,reqStart

 

# syncprov on the accesslog database, the usual setting for delta-syncrepl.
overlay syncprov

syncprov-nopresent TRUE

syncprov-reloadhint TRUE

limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

# NOTE(review): the next three lines are commented out (the suffix also carries a
# doubled "dc=dc="), so no new database section is opened here. Every slapd.conf
# directive belongs to the most recent "database" line, so the entryCSN/entryUUID
# indexes, the second syncprov overlay, the accesslog overlay (with logdb pointing at
# cn=accesslog, i.e. at this same database) and the repeated limits line all appear to
# attach to the accesslog database rather than to dc=city,dc=ac,dc=uk -- confirm that
# this is intended; it looks like the main database was meant to be re-opened first.
#     database bdb

#     suffix "dc=dc=city,dc=ac,dc=uk"

#     rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"

index entryCSN eq

index entryUUID eq

overlay syncprov

syncprov-checkpoint 1000 60

overlay accesslog

logdb cn=accesslog

logops writes

logsuccess TRUE

logpurge 99+00:00 00+00:01

 

# Let the replica DN have limitless searches
# (this repeats the limits line given above in the accesslog section)

limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

database monitor