Re: adding access control for replication user
On Sat, 17 Apr 2004, Pierangelo Masarati wrote:
> Robin M. wrote:
>
> >I have tried adding various types of rules to allow this account to update
> >the slave, but it seems to reset the default rules so that my other things
> >like webmail, postfix, cyrus no longer work as expected.
> >
> >Can someone post an example of a default ruleset with allowing a replicator
> >account to update slaves.
> >
>
> by dn.exact="<your replicator's DN>" write
> followed by the other <who> clauses.
>
> So, a line
>
> access to attrs=userPassword
> by self write
> by * auth
>
> would become
>
> access to attrs=userPassword
> by dn.exact="<your replicator's DN>" write
> by self write
> by * auth
>
Thanks, that does make things work. I did in fact have something similar,
except it was more like ...
access to attrs=userPassword
by dn="<your replicator's DN>" write
by self write
by * auth
I tested replication and this makes it work. Thanks.
This has created another problem for me though. I used to be able to issue
ldapsearch -x
in order to search the database, but now all I see is
[root@unix public_html]# ldapsearch -x
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 0 Success
# numResponses: 1
I tried doing
[root@unix public_html]# ldapsearch -D "UID=ADMINISTRATOR,OU=ADMINS,O=HOMETOWN" -W
Enter LDAP Password:
SASL/OTP authentication started
ldap_sasl_interactive_bind_s: Internal (implementation specific) error (80)
additional info: SASL(-1): generic failure: don't have a OTP secret
and in the log file it tries to find /etc/sasldb2. How do I make it
authenticate right off the LDAP database with the ldapsearch command?
[root@unix public_html]# tail -f /var/log/ldap
Apr 17 13:39:05 unix slapd[8450]: SASL [conn=12] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 17 13:39:05 unix slapd[8450]: SASL [conn=12] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
Apr 17 13:39:05 unix slapd[8450]: SASL [conn=12] Failure: no OTP secret in database
Apr 17 13:39:05 unix slapd[8450]: SASL [conn=12] Failure: don't have a OTP secret
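
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's first-match evaluation of `access to <what> by <who> <level>` directives, showing why the replicator clause has to come before `by * auth` and what an anonymous client can read once a ruleset contains only the userPassword rule. The DNs, the catch-all rule and the assumption that the ruleset holds no other directives are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation (added example, not slapd code).
# Not modeled: rootdn bypass, regex/subtree DN styles, <control> keywords.
REPLICATOR = "cn=replicator,o=example"  # hypothetical placeholder DN
USER = "uid=alice,o=example"            # constructed sample entry

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous bind (ldapsearch -x with no -D)."""
    if who == "*":
        return True
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn.exact="):
        return bind_dn.lower() == who[len("dn.exact="):].lower()
    return False

def access_level(acl, bind_dn, entry_dn, attr):
    """Return the level granted to bind_dn on one attribute of entry_dn."""
    if not acl:
        return "read"  # no access directives configured: default is read
    for what, by_clauses in acl:
        if what != "*" and attr.lower() not in what:
            continue   # this directive's <what> does not cover the attribute
        for who, level in by_clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level  # first matching <who> wins
        return "none"  # implicit "by * none" ends every directive
    return "none"      # implicit "access to * by * none" ends the list

PW = ["userpassword"]
# The rule from the quoted reply: replicator first, "by * auth" last.
PASSWORD_ONLY = [(PW, [("dn.exact=" + REPLICATOR, "write"),
                       ("self", "write"), ("*", "auth")])]
# Same clauses with "by * auth" moved to the top: it shadows the rest.
MISORDERED = [(PW, [("*", "auth"), ("dn.exact=" + REPLICATOR, "write"),
                    ("self", "write")])]
# Assumed catch-all appended so other attributes stay readable.
WITH_CATCHALL = PASSWORD_ONLY + [
    ("*", [("dn.exact=" + REPLICATOR, "write"), ("*", "read")])]

if __name__ == "__main__":
    for name, acl in [("no rules", []), ("password only", PASSWORD_ONLY),
                      ("with catch-all", WITH_CATCHALL)]:
        print(name, "-> anonymous on cn:", access_level(acl, None, USER, "cn"))
```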