
a few questions about replication



I'm trying to get replication set up. On both servers I've compiled OpenLDAP
from source. The master is a Red Hat box with 2.1.19, and the slave is
SunOS 5.6.

The master is configured and has been running for a while, with
in-directory SASL secret storage.

I guess my question is how to configure a replica directive to use SASL
binds.

From the master's slapd.conf:

replica host=phoenix.chebucto.ns.ca:389
        binddn="uid=replicator,o=chebucto,c=ca"
        bindmethod=sasl saslmech=DIGEST-MD5
credentials=replicatorpassword
 
(last line is wrapped... all one line in the .conf)

And that fails: Invalid credentials. Just checking now for fun, if I
change the bindmethod to simple and nix the saslmech part, replication
works fine.

So my question here, I guess, is how do you set up replication with
SASL? 

Also, what is an appropriate objectClass for my replicator account? I'm
using applicationProcess/uidObject/simpleSecurityObject now.


Also, a question about certificates and hostnames. Should I just share
the servers' keys so that they all have the key for, i.e.,
"ldap.chebucto.net", which is just RRDNS? I'm thinking that if a client
happens to be using the slave server, tries some kind of update, and
then gets referred to, i.e., master.chebucto.net, then the hostname/key won't
match.


-- 
Jeff Warnica <jeffw@chebucto.ns.ca>