[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??

To: "Gavin Henry" <ghenry@suretecsystems.com>
Subject: Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??
From: elekktretterr@exemail.com.au
Date: Sun, 29 Jul 2012 20:19:18 +1000
Cc: elekktretterr@exemail.com.au, openldap-technical@openldap.org
Importance: Normal
In-reply-to: <CAPcb_G+=tNO_kcpzgc8qdAuFbuUu5_+y5K7-KySHyxaHo3pDnA@mail.gmail.com>
References: <ed8d6af67ab9ebed24a86cb1d2a7db9c.squirrel@webmail.exetel.com.au> <CAPcb_G+PxnRigeVv__nv==KBr8L5O3bHH+kWHhTmFH_XjPiWoQ@mail.gmail.com> <a14d4a558296ddf9230ce862f1ec656a.squirrel@webmail.exetel.com.au> <CAPcb_GJ3YEJm+DLZnxGNOuTPmQP9jV5iWa1vUA-4krjkiY1WxA@mail.gmail.com> <6427fd5bc346482e4de6131db6f01fa4.squirrel@webmail.exetel.com.au> <CAPcb_G+=tNO_kcpzgc8qdAuFbuUu5_+y5K7-KySHyxaHo3pDnA@mail.gmail.com>
User-agent: SquirrelMail/1.4.21

I also tried to upgrade syncrepl to TLS and while replication works fine
over TLS, chaining still says Strong(er) authentication is needed.

And i get

50150d47 do_bind: dn () SASL mech EXTERNAL
50150d47 ==>slap_sasl2dn: converting SASL name
cn=cn\3Dreplicator,o=webgate,st=some-state,c=au to a DN
50150d47 ==> rewrite_context_apply [depth=1]
string='cn=cn\3Dreplicator,o=webgate,st=some-state,c=au'
50150d47 ==> rewrite_rule_apply rule='cn=replicator'
string='cn=cn\3Dreplicator,o=webgate,st=some-state,c=au' [1 pass(es)]
50150d47 ==> rewrite_context_apply [depth=1]
res={0,'cn=cn\3Dreplicator,o=webgate,st=some-state,c=au'}
50150d47 slap_parseURI: parsing
cn=cn\3Dreplicator,o=webgate,st=some-state,c=au
ldap_url_parse_ext(cn=cn\3Dreplicator,o=webgate,st=some-state,c=au)
50150d47 >>> dnNormalize: <cn=cn\3Dreplicator,o=webgate,st=some-state,c=au>
50150d47 <<< dnNormalize: <cn=cn\3Dreplicator,o=webgate,st=some-state,c=au>
50150d47 <==slap_sasl2dn: Converted SASL name to
cn=cn\3Dreplicator,o=webgate,st=some-state,c=au
50150d47 slap_sasl_getdn: dn:id converted to
cn=cn\3Dreplicator,o=webgate,st=some-state,c=au
50150d47 SASL Authorize [conn=1017]:  proxy authorization allowed authzDN=""
50150d47 send_ldap_sasl: err=0 len=-1
50150d47 do_bind: SASL/EXTERNAL bind:
dn="cn=cn\3Dreplicator,o=webgate,st=some-state,c=au" sasl_ssf=0


ive got this on the master:

authz-policy    to
authz-regexp cn=replicator "cn=replicator,ou=daemons,dc=webgate,dc=net,dc=au"

"cn=replicator" is the CommonName set in the private key

References:
- slapo-chain on syncrepl slave. I simply can't get it working. Help??
  - From: elekktretterr@exemail.com.au
- Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??
  - From: Gavin Henry <ghenry@suretecsystems.com>
- Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??
  - From: elekktretterr@exemail.com.au
- Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??
  - From: Gavin Henry <ghenry@suretecsystems.com>

Prev by Date: Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??
Next by Date: Re: slapo-chain on syncrepl slave. I simply can't get it working. Help??
Index(es):
- Chronological
- Thread