
Re: Problem getting monitor backend and syncrepl overlay to work



Hi David,

I'm not sure about that, and I haven't figured out why the credentials have to be in cleartext, but that was the only way I got syncrepl working, since I tried it with SSHA or MD5 prefixes.
Did you try that in cleartext?

just my two bucks and a half
benjamin

On Wed, Mar 10, 2010 at 10:01, DeMoNs@web.de <DeMoNs@web.de> wrote:
Hi all,

I have a problem getting OpenLDAP to run the monitor backend AND the syncrepl
overlay.
I'm running freebsd-7.2-release-p6 in combination with
openldap-server-2.4.19 with SASL support compiled in.

I use the following slapd config:

include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/misc.schema
include         /usr/local/etc/openldap/schema/ldapns.schema
include         /usr/local/etc/openldap/schema/radius.schema

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
logfile         /var/log/slapd.log

password-hash   {SSHA}
modulepath      /usr/local/libexec/openldap
moduleload      back_bdb
moduleload      back_monitor

access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
access to *
       by ssf=128 dn="cn=admin,dc=example,dc=de" write
       by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
       by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
       by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
       by anonymous auth
       by * none
access to attrs=userPassword
       by self write
       by anonymous auth
       by * none

database        bdb
suffix          "dc=example,dc=de"
rootdn          "dc=example,dc=de"
directory       /var/db/openldap-data
index   objectClass,entryCSN,entryUUID    eq
index   uid    pres,eq,sub
index   memberUID    eq
index   uidNumber,gidNumber    eq
index   host    eq

database        monitor
rootdn          "cn=monitoring,cn=Monitor"
rootpw          monitoring

access to dn.subtree="cn=Monitor"
       by dn="cn=nssadmin,dc=example,dc=de"
       by * none

syncrepl rid=041
       provider=ldap://ldap-master.example.de
       type=refreshOnly
       interval=00:00:35:00
       searchbase="dc=example,dc=de"
       schemachecking=off
       bindmethod=simple
       starttls=yes
       binddn="cn=syncuser,dc=example,dc=de"
       credentials="strongsecretpassword"

TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem

loglevel 256

Now, when I run slaptest I receive the following error:

/usr/local/etc/openldap/slapd.conf: line 59: database monitor does not
support operations required for syncrepl
slaptest: bad configuration file!

Line 59 corresponds to the credentials option in the syncrepl statement.
I can't figure out what's wrong, so if anyone can point me in the right
direction that would be really helpful.

thanks in advance,
david



--
To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
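
Added example (not written by either poster, and not OpenLDAP code): in slapd.conf, directives that follow a `database` line apply to that database until the next `database` line, so this Python check reports which backend each `syncrepl` statement falls under and flags those under `monitor`, the backend named in the slaptest error above. The function names and the shortened sample config are constructed for illustration.

```python
import re

# Backends flagged as unable to act as a syncrepl consumer. Only "monitor" is
# taken from the slaptest error in the thread; anything added is an assumption.
NO_SYNCREPL = {"monitor"}

def directives(text):
    """Yield (first_line, last_line, text) for each logical directive."""
    cur = None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and cur:      # leading whitespace = continuation
            cur[1], cur[2] = no, cur[2] + " " + raw.strip()
            continue
        if cur:
            yield tuple(cur)
        cur = [no, no, raw.strip()]
    if cur:
        yield tuple(cur)

def misplaced_syncrepl(text):
    """Return one finding per syncrepl directive whose enclosing
    'database' section is a backend listed in NO_SYNCREPL."""
    findings, backend, db_line = [], None, None
    for first, last, body in directives(text):
        words = body.split()
        if words[0].lower() == "database" and len(words) > 1:
            backend, db_line = words[1].lower(), first
        elif words[0].lower() == "syncrepl" and backend in NO_SYNCREPL:
            rid = re.search(r"\brid=(\S+)", body)
            findings.append({"rid": rid.group(1) if rid else None,
                             "backend": backend, "database_line": db_line,
                             "lines": (first, last)})
    return findings

# Constructed sample: the two database sections from the thread, shortened.
AS_POSTED = """\
database bdb
suffix "dc=example,dc=de"
database monitor
rootdn "cn=monitoring,cn=Monitor"

syncrepl rid=041
       provider=ldap://ldap-master.example.de
       searchbase="dc=example,dc=de"
"""
if __name__ == "__main__":
    print(misplaced_syncrepl(AS_POSTED))
```

The blank line before `syncrepl` in the sample does not end the `database monitor` section, which is why the directive is attributed to that backend.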