[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: any help on "ldap_sasl_bind_s failed (53)"
- To: jephte.clain@univ-reunion.fr
- Subject: Re: any help on "ldap_sasl_bind_s failed (53)"
- From: wailok tam <wailoktam@yahoo.com>
- Date: Wed, 19 Nov 2014 01:41:39 -0800
- Cc: openldap-technical@openldap.org
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1416390099; bh=JZ1uPixzWMHtwR3ORv1C1aAJK57YjNcvMxP7R18yJ3w=; h=Message-ID:Date:From:Subject:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding; b=aX/PXzV13MkwMHiwsZ4RvbGVu+1PuLtHydAy26WOx5T/gHUMxf9R+zwgZWhQG88MqEasogpZYa4NxRmTA1hCkADkKUqkNI0oEQQdWy00fiQ46pzhxVPvUFp62XqRFWKdP+gdJju0uG1gJdLXRGQVBcBysQ7mI5ja5+BsXUTJhYg=
thx for your reply.
do i put in the slave conf file the same thing as the following command?
> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D > 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
------------------------------
On Wed, Nov 19, 2014 9:25 AM GMT Jephte Clain wrote:
>hello,
>
>I would say, try to understand the meaning of what you do. The
>openldap admin guide is a good place to start.
>
>- for instance, on the slave, you bind to the master with dn
>uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp and password
>secretofreplicator
>does this objet exist *on the master*? with the right password? does
>this account have the right acl to read everything on the master
>(i.e., on the master, the acl is defined for cn=replicator,... which
>is not the same as uid=replicator,...)
>- also, why would you use the replicator dn as the rootdn for the slave?
>
>one last thing: I advise you change the password of both the master
>and slave. posting the file with the hash password of the root dn on
>the internet is not a good idea :-)
>
>good luck
>
>
>2014-11-19 11:38 GMT+04:00 wailok tam <wailoktam@yahoo.com>:
>> Hi, I am new to ldap. I am following the book "Mastering Openldap" to set up
>> replication
>> but I am getting the error given in the title when I start the slave with
>> "splad -d sync" . Replication does
>> not work.
>>
>> ******************************************************************************************************
>>
>> slapd.conf of the Master:
>>
>> include /etc/openldap/schema/core.schema
>> include /etc/openldap/schema/cosine.schema
>> include /etc/openldap/schema/inetorgperson.schema
>> include /etc/openldap/schema/nis.schema
>> include /etc/openldap/schema/samba.schema
>>
>>
>> #modulepath /usr/lib/openldap
>> #moduleload syncprov.la
>>
>> # Allow LDAPv2 client connections. This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral ldap://root.openldap.org
>>
>> pidfile /var/run/openldap/slapd.pid
>> argsfile /var/run/openldap/slapd.args
>>
>> #sasl-realm ier.hit-u.ac.jp
>> #sasl-host localhost
>> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
>> cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>>
>> #######################################################################
>> # ldbm and/or bdb database definitions
>> #######################################################################
>>
>> database bdb
>> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
>> rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
>> rootpw secret
>> #password-hash {MD5}
>> directory /var/lib/ldap
>>
>> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
>> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
>> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>>
>> overlay syncprov
>> syncprov-checkpoint 50 10
>> syncprov-sessionlog 100
>>
>> # Indices to maintain for this database
>> index objectClass eq,pres
>> index ou,cn,mail,surname,givenname eq,pres,sub
>> index uidNumber,gidNumber,loginShell eq,pres
>> index uid,memberUid eq,pres,sub
>> index nisMapName,nisMapEntry eq,pres,sub
>> index entryCSN,entryUUID eq
>> idlcachesize 1000
>>
>>
>> access to attrs=userPassword
>> by self write
>> by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>> by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>> by anonymous auth
>> by * none
>>
>>
>>
>> access to attrs=SambaLMPassword,SambaNTPassword
>> by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>> by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>> by self read
>> by anonymous auth
>> by * none
>>
>> access to *
>> by self write
>> by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>> by * read
>>
>> *****************************************************************************************************
>>
>> sladp.conf of the slave:
>>
>> include /etc/openldap/schema/core.schema
>> include /etc/openldap/schema/cosine.schema
>> include /etc/openldap/schema/inetorgperson.schema
>> include /etc/openldap/schema/nis.schema
>> include /etc/openldap/schema/samba.schema
>>
>> # Allow LDAPv2 client connections. This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral ldap://root.openldap.org
>>
>> pidfile /var/run/openldap/slapd.pid
>> argsfile /var/run/openldap/slapd.args
>>
>> #######################################################################
>> # ldbm and/or bdb database definitions
>> #######################################################################
>>
>> database bdb
>> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
>> rootpw secretofreplicator
>> #password-hash {MD5}
>> directory /var/lib/ldap
>> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
>> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
>> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>>
>>
>> # Replicas of this database
>> #updatedn cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
>> #updateref uri=ldap://192.168.84.22
>>
>> # Indices to maintain for this database
>> index objectClass eq,pres
>> index ou,cn,mail,surname,givenname eq,pres,sub
>> index uidNumber,gidNumber,loginShell eq,pres
>> index uid,memberUid eq,pres,sub
>> index nisMapName,nisMapEntry eq,pres,sub
>> index entryCSN,entryUUID eq
>> idlcachesize 1000
>>
>>
>> #access to attrs=userPassword
>> # by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> # by self write
>> # by anonymous auth
>> # by * none
>>
>>
>> #access to *
>> # by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> # by self write
>> # by * read
>>
>>
>>
>>
>> #loglevel stats sync
>>
>> syncrepl rid=001
>> provider=ldap://mail.ier.hit-u.ac.jp
>> type=refreshAndPersist
>> interval=00:00:05:00
>> searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>> binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> bindmethod=simple
>> # bindmethod=sasl saslmech=DIGEST-MD5
>> # authcid=replicator
>> credentials=secretofreplicator
>>
>> updateref ldap://mail.ier.hit-u.ac.jp/
>>
>>
>> *****************************************************************************************
>> what puzzles me is that:
>>
>> I try on the slave to access the master with
>> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D
>> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>>
>> and it works.
>>
>> What is wrong? I really need your help.
>>
>>
>
>
>
>--
>cordialement,
>Jephté Clain
>Direction des Systèmes d'Information
>et des Usages Numériques - 2IG
>Tél. 0262 93 86 31
>Fax. 0262 93 81 06
>