
Re: Re: Re: mirror mode question



Hi Christian,

Thank you very much~

Can I understand that I should change my config as below? If yes, I have a question: other people can see my rootpw, this is not safe, isn't it?


moduleload syncprov.la
database        bdb
suffix          "dc=xxx,dc=xxx"
checkpoint      1024 15
rootdn          "cn=manager,dc=xxx,dc=xxx"
rootpw          {SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR
directory       /var/lib/ldap/xxx
access to *
       by self write
       by * read
# Indices to maintain for this database
index objectClass,entryCSN,entryUUID    eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
serverID 1 (ldap2 service is 2)
syncrepl rid=001
          provider=ldap://other side ip
          bindmethod=simple
          binddn="cn=manager,dc=xxx,dc=xxx"
          credentials=sillypassword
          searchbase="dc=xxx,dc=xxx"
          schemachecking=on
          type=refreshAndPersist
          retry="60 +"
mirrormode on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100


Thanks and regards

 

tiangexuan

 

-----Original Message-----
From: Christian Kratzer [mailto:ck-lists@cksoft.de]
Sent: 9 April 2014 13:49
To: çæç
Cc: 'Dieter Klünter'; openldap-technical@openldap.org
Subject: Re: Re: Re: mirror mode question

 

Hi,

 

On Wed, 9 Apr 2014, çæç wrote:

> Hi Dieter,
>
> Thanks for your kindly replies.
>
> In my case, I don't use any SASL. I want to use simple bind, but my mirror mode can't work when my rootpw is in hash (if the rootpw is in cleartext, the mirror mode can work). Could you pls advise what is wrong with my configuration?
>
> My slapd.conf file set as below.
>
> moduleload syncprov.la
> database        bdb
> suffix          "dc=xxx,dc=xxx"
> checkpoint      1024 15
> rootdn          "cn=manager,dc=xxx,dc=xxx"
> rootpw          {SSHA}aeiyuikahdkfjhdiuvy

 

1. That is not a hash.

2. Use slappasswd to generate the hash as follows

     ck@ldap1:~ % slappasswd
     New password: sillypassword
     Re-enter new password: sillypassword
     {SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR
     ck@ldap1:~ %

3. Use the result from slappasswd as your rootpw

     rootpw {SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR

4. Use a different password as you have now posted it to the list in cleartext

>          credentials={SSHA} aeiyuikahdkfjhdiuvy

5. No. You need to use the cleartext password for replication credentials

     credentials=sillypassword

6. You can only hash your rootpw. You will need to use a cleartext password to authenticate.

 

Greetings

Christian

 

--

Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/
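
Added example, not part of the original thread and not slapd's own code: a Python sketch of the {SSHA} layout (base64 of a SHA-1 digest followed by the salt) and of a simple-bind comparison. It shows why the value in the quoted config is not a hash and why the syncrepl credentials must be the cleartext password. The function names are hypothetical, and the two sample values are copied from the messages above.

```python
import base64
import binascii
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes

# Values copied from the thread above.
PAGE_ROOTPW = "{SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR"
QUOTED_NOT_A_HASH = "{SSHA}aeiyuikahdkfjhdiuvy"

def parse_ssha(value):
    """Return (digest, salt) for a well-formed {SSHA} value, else None."""
    if not value.startswith("{SSHA}"):
        return None
    try:
        raw = base64.b64decode(value[len("{SSHA}"):], validate=True)
    except (binascii.Error, ValueError):
        return None            # not valid base64 at all
    if len(raw) <= SHA1_LEN:   # need the digest plus at least one salt byte
        return None
    return raw[:SHA1_LEN], raw[SHA1_LEN:]

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def verify_simple_bind(stored_rootpw, presented):
    """Model of the server side: hash what the client sent, compare to stored."""
    parsed = parse_ssha(stored_rootpw)
    if parsed is None:
        return False
    digest, salt = parsed
    candidate = hashlib.sha1(presented.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    print("page rootpw well-formed:", parse_ssha(PAGE_ROOTPW) is not None)
    print("quoted value well-formed:", parse_ssha(QUOTED_NOT_A_HASH) is not None)
    stored = make_ssha("constructed-pw")  # constructed sample password
    print("cleartext credentials bind:", verify_simple_bind(stored, "constructed-pw"))
    print("hash sent as credentials bind:", verify_simple_bind(stored, stored))
```

Because the consumer's credentials= value has to stay in cleartext, the hash on rootpw does not protect the replication password; that depends on who can read slapd.conf.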