Re: OpenLDAP replication using GSSAPI for slave server auth
I think I'm almost there!
I added a similar entry to my slave server, got my keytabs set up,
crontabs set up, etc.
I'm wondering how the master server knows to accept the slave's
authentication? Do I need something like:
syncprov-checkpoint 100 60
and something like.....
access to *
    by self write
    by dn="cn=Manager,dc=soe,dc=ucsc,dc=edu" write
    by <some kind of entry regarding gssapi ldap/slave.domain.com auth?>
    by * read
in the master LDAP server's slapd.conf file?
Do you have access entries for your slaves in slapd.conf on your master
Also, when you had everything set up correctly, did the slave
automatically populate /var/lib/ldap with the databases as soon as slapd
Thanks a million again for your help/hints on this!
Smith, Matt wrote:
Here is the relevant snippet from my slave's syncrepl stanza (OL 2.2 -
syntax may have changed for 2.3) :
I have a cron job periodically refresh my kerberos ticket using:
kinit -c /tmp/krb5cc_slapd -t /etc/openldap/ldap.keytab
This does avoid the use of slurpd.
On Thu, 2006-07-13 at 08:03 -0700, Erich Weiler wrote:
I think I see what you're getting at. The k5start tool looks extremely
cool and I think I'll use that. Can I skip using SASL to use this
method of authentication? Or do I still need something like:
in my syncrepl entry in slapd.conf?
Also, if I use SyncRep can I skip all the stuff about setting up
replication with slurpd? That would be very nice as that slurpd stuff
looked kind of sticky.
Sorry about the probably basic questions, I'm kind of new to this stuff
and am picking it up on the way.... :)
Matthew J. Smith wrote:
You will need to use the keytab to fetch a TGT for the user account
under which the OpenLDAP server is running. Either a cron-job running
kinit, or k5start (first Google hit:
http://www.eyrie.org/~eagle/software/kstart/k5start.html ) should do the
trick. Assuming you are using SyncRepl, you will need to do this on
each slave LDAP server.
UNIX Systems Administrator
School of Engineering
University of California Santa Cruz