Re: Syncrepl and problem with ldap_sasl_bind_s failed?

[Howard Chu <hyc@symas.com>]

Eivind Olsen wrote:
> Michael Ströder wrote:
>
> > 49 is "invalidCredentials".
> > Likely either one of the following reasons are causing this:
> > - entry cn=replicator,ou=admins,ou=internal,o=aminor does not exist
> > - the password is wrong
> > - some ACLs reject authentication
>
> That's what puzzles me. I can from both nodes do ldapsearch as the
> replication user to both nodes, and that part behaves as I'd expect it to
> (I get a connection with answers, and if I try to connect with the wrong
> password I get "ldap_bind: Invalid credentials (49)").

> dn: olcDatabase={3}hdb,cn=config
> objectClass: olcDatabaseConfig
> objectClass: olcHdbConfig
> olcDatabase: {3}hdb
> olcDbDirectory: /usr/local/openldap/var/openldap-data/radius
> olcSuffix: ou=radius,ou=no,o=aminor

> olcSyncrepl: {0}rid=005 provider=ldap://ldap01-testing.aminor.no binddn
>   ="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple credent
>   ials=<REPLICATOR-password> searchbase="ou=radius,ou=no,o=aminor"
> type=refreshAndPersis
>   t retry="5 5 5 +" timeout=3
> olcSyncrepl: {1}rid=006 provider=ldap://ldap02-testing.aminor.no binddn
>   ="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple credent
>   ials=<REPLICATOR-password> searchbase="ou=radius,ou=no,o=aminor"
> type=refreshAndPersi
>   st retry="5 5 5 +" timeout=3

Clearly you have a mistake in the password of one of these two lines, because 
if they were identical they would be identical in length, but they wrap the 
"refreshAndPersist" in two different positions.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/