[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Slave/Replica server authentication/authorization question
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I lied, it's not working still. It's now allowing me to authenticate
my linux machines, but if I use ldapsearch -x -D
"cn=ahirsch,ou=web,ou=projects,dc=cellnet,dc=com" -W I'm still getting
err=49. I've appended the same ACL's that are on the master server to
the slave/replica server and the problem is persisting. I've double
checked permissions on /var/lib/ldap files and they are owned by ldap,
which is who slapd is running as.
I've verified the passwords are correct so, I'm back to square one.
Does anyone know why the ACL's work on the master but not on the
slave? Could it possibly be DNS related? Both hosts resolve by name,
but only the masters reverse lookup is working properly.
TIA
| Well, I'm not really sure if this was the fix or not, but on the
| master server I had password-has {CRYPT} and I didn't have it on
| the slave/replica server. I changed this and everything is working
| as it should.
|
| | I have a master server and a slave/replica server. All the |
| information that is popluated in the master server is in the |
| slave/replica server. Changes performed on the master server are |
| propogated out properly to the slava/replica server. I've verified
| | this through the use of the ldapbrowser tool. The problem is
| that | if I point a ldap client to the slave/replica server for |
| authentication it fails. Yup, I get err=49 when attempting to bind
| | to the slave/replica server. | | openldap 2.2.4, openssl-0.9.7c,
| cyrus-sasl-2.1.17 and db-4.2.52 are | the packages used, which are
| the same on the master server. | | Here is the slapd.conf from the
| slave/replica server: | | bash-2.05# cat slapd.conf # # See
| slapd.conf(5) for details on | configuration options. # This file
| should NOT be world readable. # | include
| /opt/ldap/etc/openldap/schema/core.schema include |
| /opt/ldap/etc/openldap/schema/cosine.schema include |
| /opt/ldap/etc/openldap/schema/inetorgperson.schema include |
| /opt/ldap/etc/openldap/schema/nis.schema include |
| /opt/ldap/etc/openldap/schema/misc.schema include |
| /opt/ldap/etc/openldap/schema/solaris.schema | | allow bind_v2
| bind_anon_dn loglevel 296 pidfile |
| /opt/ldap/var/run/slapd.pid argsfile | /opt/ldap/var/run/slapd.args
| | | TLSCipherSuite HIGH:MEDIUM TLSCertificateFile |
| /opt/ldap/etc/openldap/slapd-cert.pem TLSCertificateKeyFile |
| /opt/ldap/etc/openldap/slapd-key.pem | | database bdb
| readonly off suffix | "dc=cellnet,dc=com" rootdn
| "cn=replica,dc=cellnet,dc=com" | updatedn
| "cn=replica,dc=cellnet,dc=com" updateref |
| https://konldap1.cellnet.com/ldap/ldap_config.pl rootpw |
| {SSHA}5vb4Mp3BltJOBhnwCecA6FGN1zECY7Wp directory | /var/lib/ldap
| mode 0700 | | index objectClass
| eq,pres index | ou,cn,mail,surname,givenname eq,pres,sub index
| | uidNumber,gidNumber,loginShell eq,pres index uid,memberUid |
| eq,pres,sub index nisMapName,nisMapEntry eq,pres,sub |
| index nisNetgroupTriple pres | | I'm looking online
| now, but not finding any answers. The master | server is a RH 3.0
| Linux server and the slave/replica is a Sun | Solaris 9 machine. |
| | Does anyone have any insight into why
| authorization/authentication | works on the master but not the
| slave/replica? | | I did have the same ACL's on the slave/replica
| as the master but | that didn't work either.
- --
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAPQN/gBD+XyMGAPwRAo87AJ47iFWKyZuS3RLh5rkOTkuc7qEzCgCdGztx
0cNfBY9Z6N/57Uuvx2SKgZI=
=Fibw
-----END PGP SIGNATURE-----