[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: SASL/GSSAPI + slurpd replication
Sounds like you're making blind guesses, and you're asking us to as well.
Some version numbers would probably help.
A snippet of your slave slapd's debug output would also help. What request
is being made that returns "no such object" ?
I have just now successfully tested this using OpenLDAP 2.1.3, so I know it
works.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of C. Grierson
> Sent: Thursday, July 11, 2002 12:03 PM
> To: openldap-software@OpenLDAP.org
> Subject: SASL/GSSAPI + slurpd replication
>
>
> hello,
>
> i have combed through all 600+ matches for "no such object" and read
> through turbo's openldap howto thoroughly, and yet i still can't get
> my SASL/GSSAPI slurpd replication to work. like others with this issue,
> all other functionality works; i can bind to the slave and search
> around with 'ldapsearch' (and see sensitive data) via SASL, and i can
> even use 'ldapmodify' to submit the rejected slurpd modifications via
> SASL. my slave has the EXACT same data, as i simply copied the .dbb files
> from the master (and, yes, i had the same problems when populating the
> slave from an LDIF).
>
> i have convinced myself from other peoples' experiences and my own, that
> it is an access control problem. when i change my updatedn to gibberish
> (just to see what happens), i notice that the error becomes "insufficient
> access". interesting, since this would somehow mean that the updatedn is
> being recognized as 'special' (in that it gives "no such object" errors,
> as opposed to the access errors for all other updatedns).
>
> i noticed that on turbo's site (bayour.com), the suggested updatedn,
> "uid=replicator.+\+realm=FOO" will halt my slave slap in it's tracks with
> an "invalid dn" error from the config file on startup. i've noticed in
> the debug output that the actual dn that gets used is
> "uid=replicator+realm=FOO" (foo being my realm), and using a single '.'
> works for the binds.
>
> in any case, this is driving me nuts, as it seems that everything should
> be working... i can see that slurpd binds with the same dn as ldapXXX
> does when using SASL, so what could possibly be the problem...?
>
> thanks very much in advance,
>
> -chris grierson
>