
Re: Problem with replication

matthew sporleder wrote:
On 5/31/06, Sandeep A.S <sandeep@netcontinuum.com> wrote:

access to attrs=userPassword
        by self write
        by * auth
access to *
        by self write
        by * read
replica uri=ldap://
        suffix="dc=nc,dc=com"
        binddn="cn=Replicator,dc=nc,dc=com"
        bindmethod=simple
        credentials=secret
replogfile /usr/local/var/openldap-data/master-replog

My relevant slave config:
access to *
        by "cn=Replicator,dc=nc,dc=com"  write
access to attr=userPassword
        by self write
        by * auth
access to *
        by self write
        by * read
updatedn       "cn=Replicator,dc=nc,dc=com"

With debug of slurpd in the Master it gives the following error: (When
I deleted the uid user from the master)
Error: ldap_simple_bind_s for failed: Invalid

Did you add cn=Replicator,dc=nc,dc=com to your replica before trying to do this?
Also, you might want to specify 'dn.exact="cn=Replicator,dc=nc,dc=com"
write' instead of just "cn=Replicator,dc=nc,dc=com" write in your
replica's ACL.

The slave ACLs are in the wrong order, so there is no way to Bind because nobody can access the userPassword attribute.

 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/
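
The clause-order point in the reply above, worked through as an added example that is not part of the original thread and is not OpenLDAP code. It is a simplified model of slapd's first-match ACL evaluation; the `REORDERED` list is one possible fix assumed here, and the function names are hypothetical.

```python
# Simplified model of slapd's first-match ACL evaluation (an illustration,
# not OpenLDAP code): the first "access to <what>" clause that matches the
# attribute is the only one consulted, and a clause whose "by" list matches
# nobody ends in an implicit "by * none".
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
REPL = "cn=Replicator,dc=nc,dc=com"

# Slave ACLs in the order posted in the thread.
POSTED = [
    ("*", [(REPL, "write")]),
    ("userPassword", [("self", "write"), ("*", "auth")]),
    ("*", [("self", "write"), ("*", "read")]),
]

# One possible reordering (assumption): most specific clause first,
# with the replicator granted write in both clauses.
REORDERED = [
    ("userPassword", [(REPL, "write"), ("self", "write"), ("*", "auth")]),
    ("*", [(REPL, "write"), ("self", "write"), ("*", "read")]),
]

def access(acls, attr, requester, entry_dn):
    """Return the level granted to requester (a DN, or "" for anonymous)."""
    for what, by_list in acls:
        if what not in ("*", attr):
            continue                      # clause does not cover this attribute
        for who, level in by_list:
            if (who == "*"
                    or (who == "self" and requester and requester == entry_dn)
                    or who == requester):
                return level
        return "none"                     # implicit "by * none" ends evaluation
    return "none"

def can_bind(acls, entry_dn):
    """Simple bind needs anonymous "auth" access to the entry's userPassword."""
    level = access(acls, "userPassword", "", entry_dn)
    return LEVELS.index(level) >= LEVELS.index("auth")

if __name__ == "__main__":
    for name, acls in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "replicator can bind:", can_bind(acls, REPL))
```

In the posted order the leading `access to *` clause captures every attribute, so the `userPassword` clause is never reached and the second `access to *` is dead configuration.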