
Re: UpdateDN Noob Question

Just so I understand you correctly, I have to make an entry in the created
directory for the updatedn user.  I have already tried this; I am assuming I
used bad attributes.  Can the user entry exist in both the master's and the
slave's copy of the directory?  This is what my entry contained:

dn: cn=Replicator,dc=interactivedata,dc=com
cn: Replicator
userPassword: replicate
objectClass: top
objectClass: organizationalRole
objectClass: simpleSecurityObject

Is that sufficient for simple, non-secure authentication with the config
parameters I provided below?

* Gary.Blydenburgh@ftid.com <Gary.Blydenburgh@ftid.com> [1220 23:20]:
> >* Gary.Blydenburgh@ftid.com <Gary.Blydenburgh@ftid.com> [1200 21:00]:
> >> I am trying to setup a master/slave replication scenario and have run into
> >> a road block.  Where is the password or "credentials" stored on the slave
> >> PC, how does it know the value of "credentials"?
> >
> >It's a bind password for the DN specified as binddn in the directory,
> >just like any other.
> Where is it defined, and what syntax is used?  I see an entry in
> /etc/ldap.conf called bindpw; is that it?

It's defined in the directory on the slave. slurpd on the master watches
the replogfile for edits to the master, then uses the replica settings in
slapd.conf to connect to the slave and update it.

> >> --Master--
> >> replogfile /var/lib/ldap/replica.log
> >> replica                host=slpma1ldap02.intdata.com:389
> >>                 binddn="cn=Replicator,dc=interactivedata,dc=com"
> >>                         bindmethod=simple credentials=replicate
> >
> >> updatedn        "cn=Replicator,dc=interactivedata,dc=com"
> >> updateref       ldap://slpma1ldap01.intdata.com
> >> access to *
> >>         by * read
> >>         by dn="cn=Replicator,dc=interactivedata,dc=com" write
> >>         by self write
> >>         by dn="cn=Manager,dc=interactivedata,dc=com" write
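
A consistency check over the three pieces this thread discusses (the replica line on the master, updatedn and the ACL on the slave, and the Replicator entry), as an added example that is not part of the original messages. The function names, the simplified DN comparison and the cleartext userPassword comparison are assumptions of this example; the sample strings are constructed from the settings quoted above.

```python
import re

# Constructed sample input: the settings quoted in this thread.
MASTER = '''replica host=slpma1ldap02.intdata.com:389
        binddn="cn=Replicator,dc=interactivedata,dc=com"
        bindmethod=simple credentials=replicate
'''
SLAVE = '''updatedn "cn=Replicator,dc=interactivedata,dc=com"
access to *
        by * read
        by dn="cn=Replicator,dc=interactivedata,dc=com" write
'''
LDIF = '''dn: cn=Replicator,dc=interactivedata,dc=com
cn: Replicator
userPassword: replicate
objectClass: simpleSecurityObject
'''

def directives(conf):
    """Fold slapd.conf continuation lines (leading whitespace) into directives."""
    out = []
    for line in conf.splitlines():
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()
        elif line.strip() and not line.startswith("#"):
            out.append(line.strip())
    return out

def norm(dn):
    """Simplified DN comparison (assumption): ignores case, quotes and spacing."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().strip('"').lower())

def check(master, slave, ldif):
    """Return the problems found; an empty list means the pieces agree."""
    sdirs = directives(slave)
    rep = next((d for d in directives(master) if d.startswith("replica ")), "")
    opts = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', rep)}
    upd = norm(next((d.split(None, 1)[1] for d in sdirs if d.startswith("updatedn")), ""))
    # Assumption: one value per attribute, userPassword in cleartext as in the thread.
    entry = {k.lower(): v for k, _, v in (l.partition(": ") for l in ldif.splitlines())}
    # slapd stops at the first "by" clause that matches the client.
    acl = next((d for d in sdirs if d.startswith("access to *")), "")
    whos = re.findall(r"\bby (\S+)", acl)
    checks = [
        (norm(opts.get("binddn", "")) == upd, "master binddn differs from slave updatedn"),
        (norm(entry.get("dn", "")) == upd, "slave directory has no entry for the updatedn"),
        (opts.get("credentials", "") == entry.get("userpassword"), "credentials do not match userPassword"),
        (whos[:1] != ["*"], "'by *' is listed first: it shadows later clauses, exposes userPassword"),
    ]
    return [msg for ok, msg in checks if not ok]
```

On the quoted settings the DN, entry and password agree, and the only finding is the ACL order: `by * read` matches every client first, so the write clauses after it are not reached and userPassword is readable by anyone.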