[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Replication error
- To: openldap-technical@openldap.org
- Subject: Replication error
- From: Ervin Hegedüs <airween@gmail.com>
- Date: Tue, 10 Oct 2017 17:39:48 +0200
- Content-disposition: inline
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:subject:message-id:mime-version:content-disposition :user-agent; bh=TdHZyzPbEvfw2TjGQUiHSybcGU9S+cL0ngo2wSuC+S4=; b=jUXKOI39A9W1hgrv0yfEDdQuVhUDTHsY4KNTcXgMJrXUGY71bb07g851Uerb5Hymr/ SqIpPzowycTDdi6+4d8cskVe5ivB47h/smtHqmR18pF4fNDNnONuzDbcQztB0k6uzzow Z2wBcBolksquLWxuIwWG1k5GVS9X1Q6BUtLhVUgnmQKFR4VDDaNmWXbsFCIoWPRZd6cE 2ZHcsypaTKxzh0NVty26O6EaypnoshPI2ggS5vtqLOlEiR7zAjT02azwF4xFt989W+UC grjhKXBSJFycSLkXcWRQvksc7393AVct01vunwQGA8HbXyHCkHLK6wm8ygS6bhrTDPJL y8DA==
- User-agent: Mutt/1.5.24 (2015-08-30)
Hi,
I (think I) setting up completly a master-slave replication.
The replication user can access from the slave (ldapsearch
works).
Here is the config, what I added on slave:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://master:636/
bindmethod=simple
binddn="uid=repuser,dc=my,dc=domain,dc=hu"
credentials=SECRET
searchbase="dc=my,dc=domain,dc=hu"
scope=sub
schemachecking=on
type=refreshAndPersist
retry="30 5 300 3"
interval=00:00:05:00
tls_cacert=/etc/ldap/CAcert.pem
tls_cert=/etc/ldap/slave_cert.pem
tls_key=/etc/ldap/slave_key.pem
tls_reqcert=demand
And now I found these lines in syslog:
Oct 10 17:36:40 open-ldap2 slapd[4640]: Entry (cn=admin,dc=my,dc=domain,dc=hu): object class 'simpleSecurityObject' requires attribute 'userPassword'
Oct 10 17:36:40 open-ldap2 slapd[4640]: null_callback : error code 0x41
Oct 10 17:36:40 open-ldap2 slapd[4640]: syncrepl_entry: rid=001 be_add cn=admin,dc=my,dc=domain,dc=hu failed (65)
Oct 10 17:36:41 open-ldap2 slapd[4640]: do_syncrepl: rid=001 rc 65 retrying (4 retries left)
I think this occures, because the cn=admin,dc=... user is a
simpleSecurityObject, and could't access the userPassword from
the ldapsearch - or not :).
Anyway - how can I solve this problem?
Thanks,
a.