[Date Prev][Date Next]
Re: Ldap ppolicy schema entries
On Tuesday 12 February 2008 11:47:46 Aravind Arjunan wrote:
(it is really inconventient replying to this mail, because you wrote it in
HTML format, and Outlook's text version when you write in HTML contains extra
line breaks ...).
> * Am still facing issue while configuring ldap in master slave for
> am using openldap 2.2 version.
I would upgrade to 2.3 ...
> OS: RHEL 4.0
You may want to consider:
> And am trying to configure master slave replication thro slurpd method.
> i had configured my master slapd.conf and slave slave slapd.conf.
> similarly i configured master and slave ldap.conf.
> After that i stopped the service in master and slave by
If you are using the bdb backend (which you are), there is no need to stop
slapd to run slapcat.
> [root@server ~]# service ldap stop
> Stopping slapd: [ OK ]
> Stopping slurpd: [ OK ]
> [root@server ~]#
> similarly in slave also.
> then i copied the database manually using slapcat
> [root@server openldap]# slapcat -b "dc=example,dc=com" -v -l
> # id=00000001
> # id=00000003
> [root@server openldap]# scp example.com.ldif firstname.lastname@example.org
> email@example.com's password:
> example.com.ldif 100% 747 0.7KB/s 00:00
> [root@server openldap]#
> In slave :
> [root@slave openldap]# slapadd -b "dc=example,dc=com" -v -l
> added: "dc=example,dc=com" (00000001)
> added: "cn=Manager,dc=example,dc=com" (00000002)
> [root@slave openldap]#
> but when i create a user in ldapmaster and check that user in slave,i was
> not able to found.
> there was no log in replogfile.
> [root@server ~]# useradd test
> [root@server ~]# passwd test
> Changing password for user test.
> New UNIX password:
> Retype new UNIX password:
> passwd: all authentication tokens updated successfully.
I don't know what you are testing here, but the useradd command typically (and
specifically on RHEL4) doesn't create users anywhere but in local files. The
luseradd tool (from libuser) can create users in LDAP, but smbldap-tools (and
other similar tools) have useradd-compatible commands that do (and support
samba-related attributes etc.).
You should maybe use an ldap utility (e.g. ldapadd, ldapmodify) to generate
changes which you test for replication.
> master slapd.conf
> replica uri=ldap://=18.104.22.168:389
> bindmethod=simple credentials=hcllch
This should all be one statement, either on one line, or multiple lines, where
all but the first have leading spaces as line continuations. Since you didn't
compose in plain text, I am not sure if this is a problem in your
configuration file, or with your copy/paste ...
I haven't looked at the rest of your slapd.conf files in detail, but besides
this, they look mostly ok for now.
> Master ldap.conf
Which ldap.conf ? /etc/ldap.conf, or /etc/openldap/ldap.conf ? It looks like a
mix of the two.
> # LDAP Defaults
> # See ldap.conf(5) for details
> # This file should be world readable but not world writable.
> #BASE dc=example, dc=com
> #URI ldap://ldap.example.com ldap://ldap-master.example.com:666
> #SIZELIMIT 12
> #TIMELIMIT 15
> #DEREF never
> host 22.214.171.124 126.96.36.199
> base dc=example,dc=com
> binddn cn=Manager,dc=example,dc=com
> bindpw password
> bind_policy soft
> pam_password expo
These last 4 are specific to nss_ldap/pam_ldap, and as such belong
in /etc/ldap.conf, not /etc/openldap/ldap.conf. I would avoid using your
rootdn in a clear-text config file. You should use a proxy user with limited
access (it just needs to be able to search for a user and retrieve specific
attributes, which in most cases you would allow all authenticated users to