Re: slapd/slurpd replication log not written to
--On Wednesday, August 09, 2006 11:47 AM +0100 Juliet Kemp
Howard Chu wrote:
Juliet Kemp wrote:
I'm attempting to set up a slave LDAP server.
I have replogfile & replica config set in the master server, but when
I restart it & try a test entry, the replication log contains no
data. It does, however, show a change in the 'last modified' date.
Note that the replog should usually be empty since slurpd truncates it
as soon as it reads it.
Ah, right, thanks for that.
I've now been able to get it running with simple auth (by setting rootdn
& rootpw on the slave server), but I'd prefer to have it using GSSAPI
like the rest of my setup.
The .rej file just has "ERROR: Referral"
The slave logfile (with loglevel 1) is shown below (for an attempted
add). I'm slightly confused in that it seems to switch halfway through
from using slurpd_adm (my replication admin) to ldapadm (the 'general'
Master replication config:
SASL/GSSAPI doesn't have a bind dn. The DN is determined either by an
authz-regexp mapping the SASL Identity to an entry in the directory, or by
the SASL identity itself, if there isn't one. However, IIRC, you still
have to specify the binddn parameter in the replica statement, it is
For GSSAPI replication to work correctly, you'll need to give slurpd access
to a ticket in its environment (KRB5CCNAME generally). I would suggest a
utility like kstart for keeping the ticket refreshed, see:
You may also want to look at:
for an example of authz-regexp statements (which used to be called
Here's my old example replicator entry (from before I switched to using
Here's the related authz-regexp mapping:
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
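
The identity resolution described in the reply above, modelled in Python as an added example (not code from this thread or from OpenLDAP). The realm, suffix, rule patterns and function names are constructed assumptions, and only DN-style replacements are modelled. The final check reflects that a slurpd-fed slave applies writes only from its `updatedn` and answers any other identity with a referral.

```python
import re

# Constructed sample rules in slapd.conf order: (match pattern, replacement).
# Realm, suffix and entry names are placeholders, not values from the thread.
AUTHZ_REGEXP = [
    (r"^uid=slurpd_adm,cn=example\.com,cn=gssapi,cn=auth$",
     "cn=replicator,ou=services,dc=example,dc=com"),
    (r"^uid=([^,/]+),cn=example\.com,cn=gssapi,cn=auth$",
     "uid=$1,ou=people,dc=example,dc=com"),
]


def resolve(sasl_dn, rules=AUTHZ_REGEXP):
    """Return the DN a SASL bind ends up with.

    Rules are tried in order and only the first one that matches is used.
    With no match, the SASL identity DN itself is the bound DN.
    """
    for pattern, replacement in rules:
        # Case-insensitive matching is assumed in this model.
        m = re.search(pattern, sasl_dn, flags=re.IGNORECASE)
        if m:
            # slapd writes back-references as $1..$9 in the replacement.
            return re.sub(r"\$(\d)",
                          lambda ref: m.group(int(ref.group(1))),
                          replacement)
    return sasl_dn


def norm(dn):
    """Crude DN normalisation for comparison: lowercase, trim around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def slave_accepts_update(sasl_dn, updatedn, rules=AUTHZ_REGEXP):
    """True if the resolved identity equals the slave's updatedn.

    Any other identity gets a referral to the master, which slurpd records
    in its .rej file.
    """
    return norm(resolve(sasl_dn, rules)) == norm(updatedn)


if __name__ == "__main__":
    for user in ("slurpd_adm", "ldapadm", "host/ldap1.example.com"):
        dn = "uid=%s,cn=example.com,cn=gssapi,cn=auth" % user
        print(dn, "->", resolve(dn))
```

Comparing the resolved DN against the slave's `updatedn` this way shows quickly whether a rejected update comes from the ticket's principal mapping to a different entry than intended.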