
ACLs and replication




Hi,

I have two OpenLDAP servers running 2.2.17. DS1 is a master and DS9 is a slave. I want to make DS1 replicate to DS9.
I have set it up according to the docs, but when I start slurpd with -d2 I can see the error Invalid credentials.

I have set up a cn=ldaprep as the update dn. If I use cn=root then replication works. I think it is something to do with my ACLs.

Any help would be appreciated.

Here are snippets from my conf files.

DS1

access to *
	by group="cn=it,ou=Groups,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
	by dn.base="cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
	by anonymous auth
	by * none

replica host=ds9.longhill.brighton-hove.sch.uk:389
	suffix ="dc=longhill,dc=brighton-hove,dc=sch,dc=uk"
	binddn="uid=ldaprep,dc=longhill,dc=brighton-hove,dcc=sch,dc=uk"
	credentials=foo
	bindmethod=simple
replogfile /usr/local/var/replog/replog


DS9

access to *
	by group="cn=it,ou=Groups,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
	by dn.base="cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
	by anonymous auth
	by * none

updatedn "cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk"
updateref ldap://ds1.longhill.brighton-hove.sch.uk


This is an ldif of cn=ldaprep

dn: uid=ldaprep,ou=Users,dc=longhill,dc=brighton-hove,dc=sch,dc=uk
objectClass: top
objectClass: account
objectClass: posixAccount
uid: ldaprep
description: LDAP Replicator (DO NOT REMOVE)
cn: ldaprep
uidNumber: 300
gidNumber: 0
homeDirectory: /tmp
userPassword: foo
loginShell: /usr/bin/false
gecos: LDAP Replicator (DO NOT REMOVE)

Cheers

-------------
Kristyan Osborne - IT Technician
Longhill High School
01273 391672 / 304086

------
Computers are like air conditioners: They stop working properly if you open windows.
Win95:       A 32-bit patch for a 16-bit GUI shell running on top of an
             8-bit operating system written for a 4-bit processor by a
             2-bit company who cannot stand 1 bit of competition.


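The replication identity in the snippets above is written down in four places: the master's `binddn`, the slave's `updatedn`, the slave's ACL `dn.base`, and the entry's own `dn`. The following Python check compares them after normalization; it is an added example, not part of the original post, its function names are hypothetical, and its inputs are lines copied from the message as constructed sample data.

```python
import re

def parse_dn(dn):
    """Split a DN into lowercased (attr, value) RDN pairs, honouring escaped commas.
    Assumption: all attributes involved match case-insensitively."""
    rdns = re.split(r'(?<!\\),', dn)
    return tuple(tuple(p.strip().lower() for p in r.split('=', 1)) for r in rdns)

def directive(text, name):
    """Return the first double-quoted value that follows `name` in a config snippet."""
    m = re.search(name + r'\s*=?\s*"([^"]+)"', text)
    return m.group(1) if m else None

def check_replication_dns(master_conf, slave_conf, ldif):
    """Compare every place the replication identity is written down."""
    bind = parse_dn(directive(master_conf, r'binddn'))
    suffix = parse_dn(directive(master_conf, r'suffix'))
    update = parse_dn(directive(slave_conf, r'updatedn'))
    acl = parse_dn(directive(slave_conf, r'dn\.base'))
    entry = parse_dn(re.search(r'^dn:\s*(.+)$', ldif, re.M).group(1))
    findings = []
    if bind[-len(suffix):] != suffix:
        findings.append("binddn is outside the replicated suffix")
    if bind != entry:
        # A simple bind as a DN with no matching entry fails with invalidCredentials (49).
        findings.append("binddn does not name the stored entry")
    if bind != update:
        findings.append("binddn differs from the slave's updatedn")
    if acl != bind:
        findings.append("slave ACL dn.base differs from binddn")
    return findings

# Constructed input: the relevant lines as they appear in the message above.
MASTER = '''replica host=ds9.longhill.brighton-hove.sch.uk:389
	suffix ="dc=longhill,dc=brighton-hove,dc=sch,dc=uk"
	binddn="uid=ldaprep,dc=longhill,dc=brighton-hove,dcc=sch,dc=uk"'''
SLAVE = '''by dn.base="cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
updatedn "cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk"'''
LDIF = "dn: uid=ldaprep,ou=Users,dc=longhill,dc=brighton-hove,dc=sch,dc=uk\n"

if __name__ == "__main__":
    for finding in check_replication_dns(MASTER, SLAVE, LDIF):
        print("MISMATCH:", finding)
```

An empty result means all four DNs agree and sit under the replicated suffix; it does not verify the password or the ACL evaluation order.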