
Re: Replication auth problems



On the master server, you actually put the literal string in the "credentials" field... Not the encrypted version... The
master sends the slave the unencrypted string and the slave encrypts it and compares it against its hash.

James Macnicol wrote:

> Hello,
>
>         I am trying to set up a pair of servers with replicated/redundant
> OpenLDAP.  The problem is that I can't get slurpd on the server to
> successfully connect with slapd on the slave: in the slave's log
>
> Mar 29 17:48:52 failure slapd[5849]: conn=1 fd=7 connection from tristan.anu.edu.au (150.203.127.218) accepted.
> Mar 29 17:48:52 failure slapd[5886]: conn=1 op=0 BIND dn="UID=MANAGER,DC=TELENG,DC=ANU" method=128
> Mar 29 17:48:52 failure slapd[5886]: conn=1 op=0 RESULT err=49 tag=97 nentries=0
>
>         which I gather means invalid credentials.  On the slave machine I
> have :
>
> suffix          "dc=teleng,dc=anu"
> rootdn          "uid=Manager,dc=teleng,dc=anu"
> rootpw          {SHA}blahblah
> updatedn "uid=Manager,dc=teleng,dc=anu"
>
>         (other stuff snipped) and on the master I have
>
> suffix          "dc=teleng,dc=anu"
> rootdn          "uid=Manager,dc=teleng,dc=anu"
> rootpw          {SHA}blahblah
> replica host=failure.anu.edu.au:389 binddn="uid=Manager,dc=teleng,dc=anu" bindmethod=simple credentials={SHA}blahblah
>
>         i.e. I'm using the "root" account for replication (I can't see
> why you need a separate replication account here, but in any case I
> doubt this is why it doesn't work).  Does anyone have any idea why
> this is failing ?  I'm using OpenLDAP 1.2.11 (comes with SuSE 7.1).
> BTW, I believe I *had* this going with OpenLDAP 2.0.7 but I had to
> downgrade because getting the LDAP + Samba TNG integration going
> seemed very difficult with that version.
>
> Thanks.
>
> --
> James Macnicol
> jamesm@faceng.anu.edu.au
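
The check described in the reply, as an added example that is not part of the original thread and is not OpenLDAP's own code: a server holding a `{SHA}` value hashes whatever the client presents in a simple bind and compares digests, so presenting the `{SHA}...` string itself produces a different digest and the bind fails with err=49. The function names and the password `s3cret-example` are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_sha_value(password: str) -> str:
    """Build a {SHA} stored value: base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def verify_simple_bind(stored: str, presented: str) -> bool:
    """Compare presented bind credentials with a stored rootpw value.

    Sketch covering only the {SHA} scheme and cleartext storage.
    """
    if stored.startswith("{SHA}"):
        try:
            expected = base64.b64decode(stored[len("{SHA}"):], validate=True)
        except ValueError:
            return False  # malformed base64 in the stored value
        # The receiving server hashes what it was sent, then compares digests.
        actual = hashlib.sha1(presented.encode("utf-8")).digest()
        return hmac.compare_digest(expected, actual)
    if stored.startswith("{"):
        return False  # other hash schemes are not modelled here
    return hmac.compare_digest(stored.encode("utf-8"), presented.encode("utf-8"))


# Constructed sample: the slave's rootpw as it would appear in its config.
SLAVE_ROOTPW = make_sha_value("s3cret-example")


def replica_bind_results():
    """Return (hash used as credentials, literal password used as credentials)."""
    # Master configured with credentials={SHA}...: the slave hashes that
    # string again, so the digests cannot match.
    hashed_creds = verify_simple_bind(SLAVE_ROOTPW, SLAVE_ROOTPW)
    # Master configured with the literal password: digests match.
    literal_creds = verify_simple_bind(SLAVE_ROOTPW, "s3cret-example")
    return hashed_creds, literal_creds


if __name__ == "__main__":
    print(replica_bind_results())
```

Because the literal password has to sit in the master's configuration and travels unencrypted in the simple bind, the master's config file permissions and the network path between the two servers both matter.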