[Date Prev][Date Next] [Chronological] [Thread] [Top]

[SUMMARY] Slave/Replica server authentication/authorization question

To: openldap-software@OpenLDAP.org
Subject: [SUMMARY] Slave/Replica server authentication/authorization question
From: "Aaron M. Hirsch" <Aaron.Hirsch@atosorigin.com>
Date: Wed, 25 Feb 2004 11:51:58 -0600
In-reply-to: <403CC6CC.3040004@atosorigin.com>
Organization: AtosOrigin
References: <403CC6CC.3040004@atosorigin.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Well, I'm not really sure if this was the fix or not, but on the
master server I had password-has {CRYPT} and I didn't have it on the
slave/replica server.  I changed this and everything is working as it
should.

| I have a master server and a slave/replica server.  All the
| information that is popluated in the master server is in the
| slave/replica server.  Changes performed on the master server are
| propogated out properly to the slava/replica server.  I've verified
|  this through the use of the ldapbrowser tool.  The problem is that
| if I point a ldap client to the slave/replica server for
| authentication it fails.  Yup, I get err=49 when attempting to bind
| to the slave/replica server.
|
| openldap 2.2.4, openssl-0.9.7c, cyrus-sasl-2.1.17 and db-4.2.52 are
|  the packages used, which are the same on the master server.
|
| Here is the slapd.conf from the slave/replica server:
|
| bash-2.05# cat slapd.conf # # See slapd.conf(5) for details on
| configuration options. # This file should NOT be world readable. #
| include         /opt/ldap/etc/openldap/schema/core.schema include
| /opt/ldap/etc/openldap/schema/cosine.schema include
| /opt/ldap/etc/openldap/schema/inetorgperson.schema include
| /opt/ldap/etc/openldap/schema/nis.schema include
| /opt/ldap/etc/openldap/schema/misc.schema include
| /opt/ldap/etc/openldap/schema/solaris.schema
|
| allow bind_v2 bind_anon_dn loglevel        296 pidfile
| /opt/ldap/var/run/slapd.pid argsfile
| /opt/ldap/var/run/slapd.args
|
| TLSCipherSuite          HIGH:MEDIUM TLSCertificateFile
| /opt/ldap/etc/openldap/slapd-cert.pem TLSCertificateKeyFile
| /opt/ldap/etc/openldap/slapd-key.pem
|
| database        bdb readonly        off suffix
| "dc=cellnet,dc=com" rootdn          "cn=replica,dc=cellnet,dc=com"
| updatedn        "cn=replica,dc=cellnet,dc=com" updateref
| https://konldap1.cellnet.com/ldap/ldap_config.pl rootpw
| {SSHA}5vb4Mp3BltJOBhnwCecA6FGN1zECY7Wp directory
| /var/lib/ldap mode            0700
|
| index objectClass                       eq,pres index
| ou,cn,mail,surname,givenname      eq,pres,sub index
| uidNumber,gidNumber,loginShell    eq,pres index uid,memberUid
| eq,pres,sub index nisMapName,nisMapEntry            eq,pres,sub
| index nisNetgroupTriple                 pres
|
| I'm looking online now, but not finding any answers.  The master
| server is a RH 3.0 Linux server and the slave/replica is a Sun
| Solaris 9 machine.
|
| Does anyone have any insight into why authorization/authentication
| works on the master but not the slave/replica?
|
| I did have the same ACL's on the slave/replica as the master but
| that didn't work either.
|

- --
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFAPOC+gBD+XyMGAPwRAhf8AJ9Pjrd3e3gSYGPtdgws31vm6EhjrwCfdxnU
NduyO99PwQ71Ht4kJexRkUE=
=weqO
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Slave/Replica server authentication/authorization question
  - From: "Aaron M. Hirsch" <Aaron.Hirsch@atosorigin.com>

References:
- Slave/Replica server authentication/authorization question
  - From: "Aaron M. Hirsch" <Aaron.Hirsch@atosorigin.com>

Prev by Date: Re: Slave/Replica server authentication/authorization question
Next by Date: Re: Replication: BerkeleyDB's vs. OpenLDAP's
Index(es):
- Chronological
- Thread