Eivind Olsen wrote:
Michael Ströder wrote:
49 is "invalidCredentials".
Likely either one of the following reasons is causing this:
- entry cn=replicator,ou=admins,ou=internal,o=aminor does not exist
- the password is wrong
- some ACLs reject authentication

That's what puzzles me. From both nodes I can do ldapsearch as the
replication user to both nodes, and that part behaves as I'd expect it to
(I get a connection with answers, and if I try to connect with the wrong
password I get "ldap_bind: Invalid credentials (49)").

dn: olcDatabase={3}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {3}hdb
olcDbDirectory: /usr/local/openldap/var/openldap-data/radius
olcSuffix: ou=radius,ou=no,o=aminor
olcSyncrepl: {0}rid=005 provider=ldap://ldap01-testing.aminor.no binddn
 ="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple credent
 ials=<REPLICATOR-password> searchbase="ou=radius,ou=no,o=aminor" type=refreshAndPersis
 t retry="5 5 5 +" timeout=3
olcSyncrepl: {1}rid=006 provider=ldap://ldap02-testing.aminor.no binddn
 ="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple credent
 ials=<REPLICATOR-password> searchbase="ou=radius,ou=no,o=aminor" type=refreshAndPersi
 st retry="5 5 5 +" timeout=3

Clearly you have a mistake in the password of one of these two lines, because
if they were identical they would be identical in length, but they wrap the
"refreshAndPersist" in two different positions.
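
The check described in the last reply can be automated. The following is an added example, not part of the original thread or of OpenLDAP: it unfolds LDIF continuation lines, parses each olcSyncrepl value, and reports consumer entries that share a binddn but carry different credentials, giving only the lengths. The fold width, the sample passwords and the use of shlex as a stand-in for slapd's own parameter parsing are assumptions.

```python
import hmac
import shlex

WIDTH = 76  # assumed fold width for this demo

def fold(line, width=WIDTH):
    """Fold one logical LDIF line; continuation lines begin with one space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return out

def unfold(text):
    """Join continuation lines (leading space) back into logical lines."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    return logical

def syncrepl_params(line):
    """Parse one olcSyncrepl line into a dict of its key=value parameters."""
    value = line.split(": ", 1)[1].split("}", 1)[1]  # drop attr name and {n}
    return dict(tok.split("=", 1) for tok in shlex.split(value))

def credential_mismatches(ldif_text):
    """(rid_a, rid_b, len_a, len_b) where one binddn has differing secrets."""
    seen, found = {}, []
    lines = [l for l in unfold(ldif_text) if l.lower().startswith("olcsyncrepl:")]
    for p in map(syncrepl_params, lines):
        rid0, cred0 = seen.setdefault(p["binddn"], (p["rid"], p["credentials"]))
        if not hmac.compare_digest(cred0.encode(), p["credentials"].encode()):
            found.append((rid0, p["rid"], len(cred0), len(p["credentials"])))  # lengths only
    return found

def sample_ldif(pw_a, pw_b):
    """Constructed sample: two consumer lines shaped like the ones in the thread."""
    tmpl = ('olcSyncrepl: {{{i}}}rid=00{r} provider=ldap://ldap0{n}-testing.aminor.no '
            'binddn="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple '
            'credentials={pw} searchbase="ou=radius,ou=no,o=aminor" '
            'type=refreshAndPersist retry="5 5 5 +" timeout=3')
    lines = fold(tmpl.format(i=0, r=5, n=1, pw=pw_a)) + fold(tmpl.format(i=1, r=6, n=2, pw=pw_b))
    return "\n".join(lines) + "\n"
```

Calling credential_mismatches(sample_ldif("Constructed-pw-1", "Constructed-pw-12")) returns one tuple naming rid 005 and 006 with lengths 16 and 17; identical passwords return an empty list.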