[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can't start replication

Hi Dieter,

Password was created with slappasswd, and I know it's ok, because I can use ldapsearch, ldapmodify etc, to search, check etc, it's stored in the config in {SSHA} format, but presented in the olcSynRepl line in cleartext.  (It's not actually $PASS, I'm just stupidly paranoid about passwords) Here's the (partial) output from searching for it:

# {0}config, config
dn: olcDatabase={0}config,cn=config
olcRootPW: {SSHA}wm6t06uLEx1nzsGHT/VJc4g3whG4ihVZ

and yes, olcReadOnly is false...

dn: cn=config
olcReadOnly: FALSE


On 06 Sep 2010, at 09:14, Dieter Kluenter wrote:

> OK I don't see anything obvious
>> On 03 Sep 2010, at 15:55, Dieter Kluenter wrote:
>>> Am Fri, 3 Sep 2010 14:25:51 +0200
>>> schrieb Alister Forbes <a@cisco.com>:
>>>> All,
>>>> My situation is that I'm trying to get replication working between
>>>> two instances of openldap 2.4.23, both running on RHEL5, both built
>>>> with the same options, and db built under them with the same options,
>>>> and both OS instances are the same (cloned VMs)
>>>> I can see the two slapd's trying to communicate, but athough the
>>>> passwords supplied in 'credentials' are definitely correct, I keep
>>>> seeing the err=49 in the logs below
> How did you create the password and which hashing scheme did you use? 
> It seems that the userpassword hashed value does not match the
> presented value.
>>>> I've been struggling with this for days now.. can anyone give me a
>>>> hint what I've messed up?
>>>> Also, I'm not sure if it's related, but I now can't change anything
>>>> in the servers configs directly, I keep getting -
>>>> ldap_modify: Server is unwilling to perform (53)
>>>> 	additional info: shadow context; no update referral
> Please check if oclReadOnly: is set to FALSE
> [...]

Alister Forbes      Work:   +32 2 704 5762    Internal: 322 5762
a@cisco.com    TACSUNS             _.|._.|._ Cisco Systems

Please avoid sending me Word or PowerPoint attachments. See -