[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with replication

To: sandeep@netcontinuum.com
Subject: Re: Problem with replication
From: Howard Chu <hyc@symas.com>
Date: Thu, 01 Jun 2006 01:06:30 -0700
Cc: OpenLDAP-software@OpenLDAP.org
In-reply-to: <447E9D23.6010703@netcontinuum.com>
References: <447D9D3D.9060106@netcontinuum.com> <b0459d5c0605310740v65eadf23yc95add1f6e2f7015@mail.gmail.com> <447E01E5.3010700@symas.com> <447E9D23.6010703@netcontinuum.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060528 SeaMonkey/1.5a

It's difficult to tell from the sloppy formatting of your email, but most likely you have white space in your slave's slapd.conf where it does not belong, and are missing white space where it does belong. Please read the slapd.conf(5) manpage again and pay attention to the rules for white space in this file.

Sandeep A.S wrote:

The slave ACLs are in the wrong order, so there is no way to Bind because nobody can access the userPassword attribute.

Thanks a lot for your help. Now Invalid credentials error is gone. (I created one dn: uid=Replicator,dc=nc,dc=com in the master and slapcated to slave ) Also changed the ACLs as below:
 In Master:
access to attrs=userPassword
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * auth
access to *
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * read
And         replica uri=ldap://192.168.128.248:6666
        suffix="dc=nc,dc=com"
         binddn="uid=Replicator,dc=nc,dc=com"
         bindmethod=simple credentials=secret
In Slave:(Same as Master)
       access to attrs=userPassword
       by self write
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by * auth
       access to *
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * read
      updatedn       "uid=Replicator,dc=nc,dc=com"
In Master slurpd -d 256 gives the following: (When I try to delete DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com in Master) Error: ldap_delete_s failed deleting DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com": no write access to parent Error: ldap operation failed, data written to "/usr/local/var/openldap-slurp/replica/192.168.128.248:6666.rej" And in slave: slapd -d 256 gives : conn=1 fd=11 ACCEPT from IP=192.168.128.238:34313 (IP=192.168.128.248:6666) conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" method=128 conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" mech=SIMPLE ssf=0 conn=1 op=0 RESULT tag=97 err=0 text= conn=1 op=1 DEL dn="uid=flexlm,ou=People,dc=sca,dc=nc,dc=com" conn=1 op=1 RESULT tag=107 err=50 text=no write access to parent I assume some ACL issue,but I am helpless to find it out Requesting your help
 Thanks
 Sandeep


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: Problem with replication
  - From: "Sandeep A.S" <sandeep@netcontinuum.com>

References:
- Re: Problem with replication
  - From: "Sandeep A.S" <sandeep@netcontinuum.com>

Next by Date: Re: Building C++ sdk on Solaris 9
Index(es):
- Chronological
- Thread