
Unable to auth on replica


I have set up two Ubuntu 8.04 servers running OpenLDAP 2.4.9-0ubuntu0.8.04.2. I have set up replication as per the docs. On the slave, I start with an empty /var/lib/ldap, and when I start the replica the dir is populated with the files, and I am able to anon search, etc. Great, except my clients are able to auth on the provider but not on the replica.

Both provider and consumer have the same ACLs, and the diff from one conf to another is:

--- slapd.conf  2009-04-02 09:04:42.000000000 -0300
+++ slapd.conf.replica    2009-04-02 09:05:47.000000000 -0300
@@ -60,19 +61,13 @@
# 'database' directive occurs
database        hdb

-overlay syncprov
-syncprov-checkpoint 100 10
-syncprov-sessionlog 100
-# Let the replica DN have limitless searches
-limits dn.exact="cn=syncrepl,dc=a1,dc=ind" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# The base of your directory in database #1
suffix          "dc=a1,dc=ind"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
-# rootdn          "cn=admin,dc=a1,dc=ind"
+rootdn          "cn=admin,dc=a1,dc=ind"

# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"
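
Review bot: The replica enables rootdn "cn=admin,dc=a1,dc=ind" with the comment that it is needed for syncrepl, but the hunk does not show whether a rootpw goes with it. The consumer applies replicated entries under the rootdn identity internally and needs no rootpw, so keep rootpw out of slapd.conf.replica; with one set, the replica accepts direct binds as an identity that bypasses every ACL. Dropping the syncprov overlay and the limits line for cn=syncrepl on the consumer is fine, since only the provider serves that DN's searches.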
@@ -112,6 +108,21 @@
# Where to store the replica logs for database #1
# replogfile   /var/lib/ldap/replog

+syncrepl rid=3
+   provider=ldap://
+   type=refreshAndPersist
+   interval=01:00:00:00
+   searchbase="dc=a1,dc=ind"
+   scope=sub
+   schemachecking=off
+   bindmethod=simple
+   binddn="cn=syncrepl,dc=a1,dc=ind"
+   credentials=xxxxx
+# updateref   ldap://
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
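
Review bot: binddn="cn=syncrepl,dc=a1,dc=ind" can only replicate the attributes that identity is allowed to read on the provider, and the comment at the end of this hunk says userPassword is hidden from others. If the provider's userPassword rule does not name the syncrepl DN, entries reach the replica without userPassword, so simple binds there fail while anonymous searches still work, which matches the symptom described. Add a clause such as by dn.exact="cn=syncrepl,dc=a1,dc=ind" read to that access rule on the provider, then reload the replica from an empty directory. Separately, bindmethod=simple over ldap:// sends the credentials value in clear text, so consider starttls=critical or an ldaps:// provider URL; and interval only applies to type=refreshOnly, whereas a refreshAndPersist consumer is governed by retry=.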

Any idea on what could be wrong? Thanks in advance for any hint or help.

Marcio Merlone