Re: any help on "ldap_sasl_bind_s failed (53)"

[Andrew Findlay <andrew.findlay@skills-1st.co.uk>]

On Wed, Nov 19, 2014 at 07:38:02AM +0000, wailok tam wrote:

> Subject: any help on "ldap_sasl_bind_s failed (53)"

> but I am getting the error given in the title when I start the slave with
> "splad -d sync" . Replication does 
> not work. 

> sladp.conf of the slave:

> syncrepl rid=001                                   
>     provider=ldap://mail.ier.hit-u.ac.jp      
>     type=refreshAndPersist
>     interval=00:00:05:00
>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"          
>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>     bindmethod=simple
> #    bindmethod=sasl saslmech=DIGEST-MD5
> #    authcid=replicator 
>     credentials=secretofreplicator

The two comment lines are likely to be the problem. the manpage for
slapd.conf says:

       If a line begins with white space, it is considered a continuation
       of the previous line.  No physical line should be over 2000
       bytes long.

       Blank lines and comment lines beginning with a `#' character are
       ignored.  Note: continuation lines are unwrapped before comment
       processing is applied.

That says to me that comments inside an indented block are to be avoided.

As an aside, you may not want to use DIGEST-MD5 anyway, as it requires
the server to store the password in cleartext rather than hashed.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------