[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slave SASL Cannonicalize always returns root?

--On Wednesday, February 16, 2005 9:39 AM -0500 johnh@primebuchholz.com wrote:


I've been working on this particular problem for a week now, and can't
seem to find a resolution in the list archives/docs/faq, or through a
great deal of testing and experimentation.

I have two openldap 2.2.13 servers.  For authentication, I'm using MIT
Kerberos/Cyrus SASL GSSAPI.  All LDAP connections are TLS.

Binding to the master or slave works fine.

The problem is that when slurpd tries to send changes to the slave, the
slave always returns a referral.  Here's the relevant sections from my

The problem to me appears to be that you don't have a K5 ticket for replicator@mydomain.com, which is why when it binds the authcid is "root" and not "repliactor@mydomain.com".


Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin