
syncrepl/sasl problems

Hi List,

I need to configure a master and slave LDAP server with replication. I am running openSUSE 10.2 and openldap2-2.3.27-25. Initially I was using slurpd, but syncrepl was recommended to me as being more agreeable with my LDAP version.

I configured my master and slave according to the instructions from the OpenLDAP web site:
http://www.openldap.org/doc/admin22/syncrepl.html

Here is the slave slapd.conf:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
loglevel 256
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=replica,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


#Entries for replication using sync-repl

syncrepl rid=123
                provider=ldap://ldap1.mydomain.com
                type=refreshAndPersist
                #interval=01:00:00:00
                searchbase="dc=mydomain,dc=com"
                filter="(objectClass=organizationalPerson)"
                scope=sub
                attrs="cn,sn,ou,telephoneNumber,title,l"
                schemachecking=off
                updatedn="cn=replica,dc=mydomain,dc=com"
                bindmethod=sasl
                #saslmech=digest-md5
                binddn="cn=Administrator,dc=mydomain,dc=com"
                credentials="{ssha}mypassword"

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


And here is my master slapd.conf:


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
loglevel 256
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Administrator,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


#Entries for replication using sync-repl

sessionlog 999 999

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


OK, as you can see, I am using bindmethod=sasl because when I was using bindmethod=simple I got error code 49 (LDAP_INVALID_CREDENTIALS).


Now, as far as I can determine from the log below, the connection is made, so syncrepl is configured correctly, but there is some sort of problem with SASL. It seems that the attribute "supportedSASLMechanisms" is not found on the master. I get the same error if I uncomment the "saslmech=digest-md5" entry.

/var/log/messages on the master:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Nov 14 18:52:28 ldap1 slapd[18695]: conn=35 fd=13 ACCEPT from IP=192.168.2.246:9243 (IP=0.0.0.0:389)
Nov 14 18:52:28 ldap1 slapd[18695]: conn=35 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Nov 14 18:52:28 ldap1 slapd[18695]: conn=35 op=0 SRCH attr=supportedSASLMechanisms
Nov 14 18:52:28 ldap1 slapd[18695]: conn=35 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 14 18:52:28 ldap1 slapd[18695]: conn=35 op=1 UNBIND
Nov 14 18:52:28 ldap1 slapd[18695]: conn=35 fd=13 closed
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
and on the slave:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Nov 14 16:13:47 ldap2 slapd[8305]: @(#) $OpenLDAP: slapd 2.3.27 (Nov 25 2006 17:08:16) $        abuild@eisler :/usr/src/packages/BUILD/openldap-2.3.27/servers/slapd
Nov 14 16:14:07 ldap2 slapd[8305]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:14:07 ldap2 slapd[8305]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server
Nov 14 16:14:07 ldap2 slapd[8305]: nss_ldap: could not search LDAP server - Server is unavailable
Nov 14 16:14:07 ldap2 slapd[8312]: slapd starting
Nov 14 16:14:07 ldap2 slapd[8312]: do_syncrep1: ldap_sasl_interactive_bind_s failed (16)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Am I on the right track looking for the errors in sasl, and if so, how do I set the attributes?

Thanks in advance

Lawrence
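As an added illustration (not from the original post or from OpenLDAP), here is a small Python check that reads a syncrepl stanza using the slapd.conf(5) continuation-line rule, flags the three things in the slave config above that will stop the bind from succeeding, and decodes the result code in the slave's log line. The function names are hypothetical, and the sample stanza and log line are constructed from the post.

```python
import re
# Constructed sample: the relevant lines of the slave's syncrepl stanza above.
SAMPLE_CONF = """\
#Entries for replication using sync-repl

 syncrepl rid=123
                provider=ldap://ldap1.mydomain.com
                bindmethod=sasl
                #saslmech=digest-md5
                binddn="cn=Administrator,dc=mydomain,dc=com"
                credentials="{ssha}mypassword"
"""
SAMPLE_LOG = "ldap2 slapd[8312]: do_syncrep1: ldap_sasl_interactive_bind_s failed (16)"

def logical_lines(text):
    """Join lines as slapd.conf(5) describes: a line beginning with whitespace
    continues the previous line, even when that line is blank or a comment."""
    joined = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.strip())
    return [l.strip() for l in joined if l.strip() and l.lstrip()[:1] != "#"]

def syncrepl_options(text):
    """Options of the first syncrepl directive (simple split; no spaces in values)."""
    for line in logical_lines(text):
        toks = line.split()
        if toks[0] == "syncrepl":
            return {k: v.strip('"') for k, _, v in (t.partition("=") for t in toks[1:])}
    return {}

def lint_syncrepl(text):
    """Flag the consumer-side mistakes visible in the stanza above."""
    opts, findings = syncrepl_options(text), []
    if any(k.startswith("#") for k in opts):
        findings.append("'#' on a continuation line does not start a comment (slapd.conf(5))")
    if opts.get("bindmethod") == "sasl" and "saslmech" not in opts:
        findings.append("no saslmech: mechanism must come from the provider's rootDSE")
    if re.match(r"\{\w+\}", opts.get("credentials", "")):
        findings.append("credentials is a password hash; a bind needs the real password")
    return findings

def explain_bind_failure(log_line):
    """Decode the code in 'ldap_sasl_interactive_bind_s failed (N)'."""
    m = re.search(r"ldap_sasl_interactive_bind_s failed \((\d+)\)", log_line)
    if m and m.group(1) == "16":  # LDAP result 16 = noSuchAttribute
        return "noSuchAttribute: provider's rootDSE lists no supportedSASLMechanisms"
    return "LDAP result code %s" % m.group(1) if m else None
```

The master log above (a rootDSE search for supportedSASLMechanisms returning one entry, then an immediate UNBIND) is consistent with that decoding: the consumer found no mechanism to use.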