SASL Replication problem, need your help
- To: openldap-software <openldap-software@OpenLDAP.org>
- Subject: SASL Replication problem, need your help
- From: Simon Gao <sgao@sci.utah.edu>
- Date: Wed, 15 Jan 2003 12:11:55 -0700
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020827
Hi,
I am trying to get replication over SASL working, but got stuck somewhere. I need your help.
Here is my setting: Redhat 8.0, OpenLDAP 2.1.12, Cyrus-SASL 2.1.10, BDB
4.1.25.
On master ldap, slapd.conf includes:
replogfile /usr/local/openldap/var/openldap-slurp/replica/replog.log
replica host=slave.sample.com:389
binddn="uid=REPL.SAMPLE.COM"
bindmethod=sasl
saslmech=DIGEST-MD5
authcID="REPL.SAMPLE.COM"
authzID="REPL.SAMPLE.COM"
realm="slave.sample.com"
credentials="qwaszx"
On slave ldap, slapd.conf includes:
access to attr=userPassword,lmPassword,ntPassword
by dn="cn=manager,dc=sample,dc=com" write
by dn="UID=REPL.SAMPLE.COM" write
by anonymous auth
by self read
by * none
access to *
by dn="cn=manager,dc=sample,dc=com" write
by dn="UID=REPL.SAMPLE.COM" write
by * read
updatedn "UID=REPL.SAMPLE.COM@REALM=slave.sample.com"
updateref ldaps://master.sample.com:636
The replication user, REPL.SAMPLE.COM, is added to /etc/sasldb2. And
slapd.conf in /usr/lib/sasl2 specifies:
pwcheck_method: sasldb2
Testing SASL set up on both master and slave looks normal:
> ldapsearch -x -b '' -s base '(objectclass=*)' '+' '*'
dn:
objectClass: top
objectClass: OpenLDAProotDSE
structuralObjectClass: OpenLDAProotDSE
namingContexts: dc=sample,dc=com
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 1.3.6.1.4.1.4203.1.10.2
supportedControl: 1.2.826.0.1.334810.2.3
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
supportedFeatures: 1.3.6.1.4.1.4203.1.5.4
supportedFeatures: 1.3.6.1.4.1.4203.1.5.5
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedSASLMechanisms: ANONYMOUS
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: LOGIN
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: OTP
subschemaSubentry: cn=Subschema
Also, I can bind to slave ldap both from master and slave with:
> ldapsearch -Y DIGEST-MD5 -U REPL.SAMPLE.COM -b dc=sample,dc=com \
'uid=joe' -H ldap://slave.sample.com
SASL/DIGEST-MD5 authentication started
Please enter your password:
This will retrieve the information being requested.
However, once updates are being pushed to the slave, the following error
occurred:
Error: ldap_modify_s failed modifying "No such object":
uid=joe,ou=people,dc=sample,dc=com
It seemed to me that REPL.SAMPLE.COM did not actually bind to the slave, but
how should I set up the replica section to make the right binding for the right user?
Can you see anything wrong with my settings?
Thanks.
Simon Gao
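The replication identity appears in three places in the configuration quoted above: the master's replica binddn, the slave's updatedn and the slave's access clauses. The following added example (not part of the post and not OpenLDAP code) parses constructed fragments mirroring those excerpts and flags any of the three that differ; it compares case-folded strings only and does not reproduce slapd's own DN normalisation or ACL matching.

```python
"""Added example (not OpenLDAP code): check that a slurpd master's replica
binddn, the slave's updatedn and the DNs granted write access all name the
same identity.  Plain case-folded string comparison, not slapd's ACL engine."""
import re
# Constructed fragments mirroring the two slapd.conf excerpts in the post.
MASTER_CONF = """
replica host=slave.sample.com:389
    binddn="uid=REPL.SAMPLE.COM"
    bindmethod=sasl
    saslmech=DIGEST-MD5
    authcID="REPL.SAMPLE.COM"
    authzID="REPL.SAMPLE.COM"
    realm="slave.sample.com"
"""
SLAVE_CONF = """
access to *
    by dn="cn=manager,dc=sample,dc=com" write
    by dn="UID=REPL.SAMPLE.COM" write
    by * read
updatedn "UID=REPL.SAMPLE.COM@REALM=slave.sample.com"
"""
def _norm(dn):
    """Strip quotes and whitespace and fold case before comparing DNs."""
    return dn.strip().strip('"').strip().lower()

def replica_binddn(master_conf):
    """binddn of the first 'replica' block in a master slapd.conf."""
    m = re.search(r'^\s*binddn=("[^"]*"|\S+)', master_conf, re.M)
    return _norm(m.group(1)) if m else None

def slave_updatedn(slave_conf):
    """updatedn directive of a slave slapd.conf."""
    m = re.search(r'^\s*updatedn\s+("[^"]*"|\S+)', slave_conf, re.M)
    return _norm(m.group(1)) if m else None

def acl_write_dns(slave_conf):
    """Every DN granted 'write' by a 'by dn=...' clause."""
    return {_norm(d) for d in re.findall(r'by dn="([^"]*)"\s+write', slave_conf)}

def check_replication_identity(master_conf, slave_conf):
    """Return the list of mismatches; an empty list means all three agree."""
    bind, upd = replica_binddn(master_conf), slave_updatedn(slave_conf)
    writers = acl_write_dns(slave_conf)
    problems = []
    if bind != upd:
        problems.append(f"replica binddn {bind!r} differs from updatedn {upd!r}")
    for name, dn in (("binddn", bind), ("updatedn", upd)):
        if dn not in writers:
            problems.append(f"{name} {dn!r} has no 'write' in any access clause")
    return problems
```

A successful `ldapsearch -Y DIGEST-MD5` only shows that authentication works, not which DN the slave assigns to the replication user; the slave advertises the Who Am I extension (1.3.6.1.4.1.4203.1.11.3) in its root DSE above, so `ldapwhoami` with the same SASL options reports the identity that the updatedn and access clauses must actually match.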