[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication error: Invalid credentials

To: <scott.walker@magma.ca>
Subject: Re: Replication error: Invalid credentials
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Thu, 22 Apr 2004 22:59:10 +0200 (CEST)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <40882F1F.1050607@magma.ca>
References: <40881F10.9010505@magma.ca> <61629.81.72.89.40.1082665992.squirrel@webmail.sys-net.it> <40882F1F.1050607@magma.ca>

> Thanks
>
> I entered the following in to the slave db's:
>
> dn: cn=replicator,o=domain.ca
> objectClass: top
> objectClass: organizationalRole
> cn: replicator
>
> dn: cn=replicator2,o=domainauth
> objectClass: top
> objectClass: organizationalRole
> cn: replicator2
>
> And getting the following error:
> Error: ldap_simple_bind_s for ldap2-int.domain.ca:389 failed:
> Inappropriate authentication
>
> Do I need to enter passwords in the above db's entries?

If you intend to use simple bind, yes.  Otherwise, use SASL bind with
password stored somewhere else, e.g. in the sasldb, or via gssapi or so. 
Simple bind, to my knowledge, requires attribute userPassword to be set. 
You may want to generate passwords with slappasswd to use appropriate
encryption; see slappasswd(5).

Note that organizationalRole does not aallow userPassword; you may add
simpleSecurityObject auxiliary objectclass to allow the userPassword
attribute.

p.

>
> note: using openldap 2.1.29

I think this applies ever since. Not an issue.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- Replication error: Invalid credentials
  - From: Scott Walker <scott.walker@magma.ca>
- Re: Replication error: Invalid credentials
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Replication error: Invalid credentials
  - From: Scott Walker <scott.walker@magma.ca>

Prev by Date: Re: Replication error: Invalid credentials
Next by Date: Re: server side sorting & paging?
Index(es):
- Chronological
- Thread