Re: ACLs and replication

[Howard Chu <hyc@symas.com>]

Kristyan Osborne wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I have two OpenLDAP servers running 2.2.17. DS1 is a master as DS9 is a slave. I want to make DS1 replicate to DS9.
> I have set up as according to the docs but when I start slurpd with -d2 I can see the error Invalid credentials.
>
> I have set up a cn=ldaprep as the update dn. If I use cn=root then replication work. I think it is something to do with my ACLs.
I would guess that "Invalid credentials" has something to do with your 
DN or password....

> Any help would be appreciated.
>
> here are snippets from my conf files.
>
> DS1
>
> access to *
> 	by group="cn=it,ou=Groups,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
> 	by dn.base="cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
> 	by anonymous auth
> 	by * none
>
> replica host=ds9.longhill.brighton-hove.sch.uk:389
> 	suffix ="dc=longhill,dc=brighton-hove,dc=sch,dc=uk"
> 	binddn="uid=ldaprep,dc=longhill,dc=brighton-hove,dcc=sch,dc=uk"
>  
You have "dcc=sch" instead of "dc=sch" there. Was that just a typo in 
this email, or does that same mistake appear in your config file?

> 	credentials=foo
> 	bindmethod=simple
> replogfile /usr/local/var/replog/replog
>
>
> DS9
>
> access to *
> 	by group="cn=it,ou=Groups,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
> 	by dn.base="cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" write
> 	by anonymous auth
> 	by * none
>
> updatedn "cn=ldaprep,dc=longhill,dc=brighton-hove,dc=sch,dc=uk"
> updateref ldap://ds1.longhill.brighton-hove.sch.uk
>  
--
 -- Howard Chu
 Chief Architect, Symas Corp.       Director, Highland Sun
 http://www.symas.com               http://highlandsun.com/hyc
 Symas: Premier OpenSource Development and Support