
Re: Syncrepl : Authentication issue



According to Buchan Milne <bgmilne@staff.telkomsa.net>:

> On Thursday, 26 November 2009 16:35:00 smainklh@free.fr wrote:
> > Hello guys,
> >
> > I'm meeting an issue when configuring ldap replication.
> > The synchronisation account doesn't authenticate with the provider.
> >
> > Here are my configuration files :
> >
> > /etc/ldap/slapd.conf (provider):
> > -----------------------
> > moduleload      syncprov
> > database        bdb
> > overlay syncprov
> > syncprov-checkpoint 100 10
> > syncprov-sessionlog 100
> >
> > index           objectClass,entryCSN,entryUUID eq
> >
> > /etc/ldap/slapd.conf (consumer):
> > --------------------------
> > Syncrepl       rid=666
> >                provider=ldaps://provider.domain.tld:636/
> >                type=refreshOnly
> >                retry="60 10 600 +"
> >                interval=00:00:30:00
> >                searchbase="dc=domain,dc=tld"
> >                scope=sub
> >                schemachecking=on
> >                bindmethod=simple
> >                binddn="cn=syncrepluser,dc=domain,dc=tld"
> >                credentials=secret
> >
> > Errors below :
> > From consumer
> >
> > ------------
> > slap_client_connect: URI=ldaps://provider.domain.tld:636/ DN="cn=syncrepluser,dc=domain,dc=tld" ldap_sasl_bind_s failed (49)
> > do_syncrepl: rid=666 retrying (9 retries left)
> >
> > From provider
> >
> > ------------
> > Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3 dn="cn=syncrepluser,dc=domain,dc=tld" method=128
> > Nov 26 15:28:47 provider slapd[2514]: bdb_dn2entry("cn=syncrepluser,dc=domain,dc=tld")
> > Nov 26 15:28:47 provider slapd[2514]: => bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld")
> > Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
>
> The DN you specified doesn't seem to exist.
>
> > Nov 26 15:28:47 provider slapd[2514]: send_ldap_result: conn=3 op=0 p=3
> > Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
> > Nov 26 15:28:47 provider slapd[2514]: connection_get(14): got connid=3
> > Nov 26 15:28:47 provider slapd[2514]: connection_read(14): checking for input on id=3
> > Nov 26 15:28:47 provider slapd[2514]: ber_get_next on fd 14 failed errno=0 (Success)
> > Nov 26 15:28:47 provider slapd[2514]: connection_closing: readying conn=3 sd=14 for close
> > Nov 26 15:28:47 provider slapd[2514]: connection_close: deferring conn=3 sd=14
> > Nov 26 15:28:47 provider slapd[2514]: conn=3 op=1 do_unbind
> > Nov 26 15:28:47 provider slapd[2514]: connection_resched: attempting closing conn=3 sd=14
> > Nov 26 15:28:47 provider slapd[2514]: connection_close: conn=3 sd=14
> >
> >
> > Do I have to create an account in the LDAP tree?
>
> Syncrepl performs an LDAP search against the provider. As with any LDAP
> search, it needs to perform a bind as an identity that has sufficient access
> to retrieve the data it needs to replicate the directory content. You could
> either use the rootdn on the provider (not recommended) or anonymous access
> (not recommended) with a totally unsecured provider, or you need to use a DN
> that has been granted sufficient access.
>
> See for example:
>
> http://www.openldap.org/doc/admin24/replication.html#Set%20up%20the%20consumer%20slapd
>
> (unfortunately, the preceding section doesn't show the access controls
> mentioned, nor the creation of the DN)
>
> > Is there a problem using SSL?
>
> A problem with SSL wouldn't give you an "invalid credentials" error.
>
> Regards,
> Buchan
>

Ok thanks Buchan, I only had to create an account.