
Re: any help on "ldap_sasl_bind_s failed (53)"



hello,

I would say, try to understand the meaning of what you do. The
openldap admin guide is a good place to start.

- for instance, on the slave, you bind to the master with dn
uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp and password
secretofreplicator. Does this object exist *on the master*, with the
right password? Does this account have the right ACL to read everything
on the master? (On the master, the ACLs are defined for
cn=replicator,ou=Users,..., which is not the same DN as
uid=replicator,ou=Users,....) Note that the ldapsearch test at the end
of your mail also binds as cn=replicator,..., not uid=replicator,...,
which would explain why it works while syncrepl does not.
- also, why would you use the replicator dn as the rootdn for the slave?

One last thing: I advise you to change the passwords of both the master
and the slave. Posting a file containing the root dn's passwords (hashed
or in clear) on the internet is not a good idea :-) Also, with
bindmethod=simple over plain ldap:// and TLS commented out on the slave,
the replicator credentials cross the network in clear text; look at the
starttls= option of syncrepl once replication works.

good luck


2014-11-19 11:38 GMT+04:00 wailok tam <wailoktam@yahoo.com>:
> Hi, I am new to ldap. I am following the book "Mastering OpenLDAP" to set up
> replication, but I am getting the error given in the title when I start the
> slave with "slapd -d sync". Replication does not work.
>
> ******************************************************************************************************
>
> slapd.conf of the Master:
>
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/samba.schema
>
>
> #modulepath /usr/lib/openldap
> #moduleload syncprov.la
>
> # Allow LDAPv2 client connections.  This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
>
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
>
> #sasl-realm ier.hit-u.ac.jp
> #sasl-host localhost
> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
>         cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database        bdb
> suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw          {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secret
> #password-hash   {MD5}
> directory       /var/lib/ldap
>
> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> # Indices to maintain for this database
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
>
> access to attrs=userPassword
>   by self write
>   by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>   by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>   by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>   by anonymous auth
>   by * none
>
>
>
> access to attrs=SambaLMPassword,SambaNTPassword
>   by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>   by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>   by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>   by self read
>   by anonymous auth
>   by * none
>
> access to *
>   by self write
>   by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>   by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>   by * read
>
> *****************************************************************************************************
>
> slapd.conf of the slave:
>
> include         /etc/openldap/schema/core.schema
> include         /etc/openldap/schema/cosine.schema
> include         /etc/openldap/schema/inetorgperson.schema
> include         /etc/openldap/schema/nis.schema
> include         /etc/openldap/schema/samba.schema
>
> # Allow LDAPv2 client connections.  This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral       ldap://root.openldap.org
>
> pidfile         /var/run/openldap/slapd.pid
> argsfile        /var/run/openldap/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database        bdb
> suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn          "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw          {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secretofreplicator
> #password-hash   {MD5}
> directory       /var/lib/ldap
> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
>
> # Replicas of this database
> #updatedn  cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
> #updateref uri=ldap://192.168.84.22
>
> # Indices to maintain for this database
> index objectClass                       eq,pres
> index ou,cn,mail,surname,givenname      eq,pres,sub
> index uidNumber,gidNumber,loginShell    eq,pres
> index uid,memberUid                     eq,pres,sub
> index nisMapName,nisMapEntry            eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
>
> #access to attrs=userPassword
> #  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> #  by self write
> #  by anonymous auth
> #  by * none
>
>
> #access to *
> #  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> #  by self write
> #  by * read
>
>
>
>
> #loglevel stats sync
>
> syncrepl rid=001
>     provider=ldap://mail.ier.hit-u.ac.jp
>     type=refreshAndPersist
>     interval=00:00:05:00
>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>     bindmethod=simple
> #    bindmethod=sasl saslmech=DIGEST-MD5
> #    authcid=replicator
>     credentials=secretofreplicator
>
> updateref       ldap://mail.ier.hit-u.ac.jp/
>
>
> *****************************************************************************************
> what puzzles me is that:
>
> I try on the slave to access the master with
> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp  -W -D
> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>
> and it works.
>
> What is wrong? I really need your help.
>
>



-- 
cordialement,
Jephté Clain
Direction des Systèmes d'Information
et des Usages Numériques - 2IG
Tél. 0262 93 86 31
Fax. 0262 93 81 06