Hi list,

I have two PC-linux RH Enterprise Edition with OpenLdap 2.1.29, one working as Master and the other working as Slave. The database is Berkeley DB 4.1.25. Cyrus-SASL version is 2.1.15.

My job is to get replication and it works well with the simple mechanism. This is not true when I use the digest-md5 mechanism. The Slave authorizes the request coming from slurpd but gets a strange error related to the updateref instruction. The simple mechanism didn't require the updateref instruction.

The modification request was performed (on the Master PC) using ldapmodify giving in input a ldif file:

dn: uid=CO,ou=Operator,o=Organization
changetype: modify
replace: description
description: new-descrition

Only the Master database was modified.

The Slapd error message on the Slave is:

[root@LDAPSlave etc]# /usr/local/libexec/slapd -d 260 -f sldap.conf
daemon_init: <null>
daemon: socket() failed errno=97 (Address family not supported by protocol)
bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (August 21, 2003)
bdb_db_init: Initializing BDB database
bdb_db_open: o=Organization
slapd starting
conn=0 fd=10 ACCEPT from IP=10.1.28.31:32824 (IP=0.0.0.0:389)
connection_get(10)
conn=0 op=0 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
==> sasl_bind: dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" mech=DIGEST-MD5 datalen=265
connection_get(10)
conn=0 op=1 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
==> sasl_bind: dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" mech=<continuing> datalen=265
SASL Canonicalize [conn=0]: authcid="admin"
slap_sasl_getdn: id=admin [len=5]
SASL Canonicalize [conn=0]: authcDN="uid=admin,cn=digest-md5,cn=auth"
SASL Canonicalize [conn=0]: authzid="admin"
SASL Authorize [conn=0]: authcid="admin" authzid="admin"
conn=0 op=1 BIND authcid="admin"
conn=0 op=1 BIND dn="uid=admin,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
connection_get(10)
do_modify: dn (uid=CO,ou=Operator,o=Organization)
modifications:
        replace: description
                one value, length 35
        replace: entryCSN
                one value, length 31
        replace: modifiersName
                one value, length 31
        replace: modifyTimestamp
                one value, length 15
conn=0 op=2 MOD dn="uid=CO,ou=Operator,o=Organization"
conn=0 op=2 MOD attr=description entryCSN modifiersName modifyTimestamp
send_ldap_result: err=10 matched="" text=""
send_ldap_result: referral="ldap://10.1.28.31/uid=CO,ou=Operator,o=Organization"
send_ldap_response: ref="ldap://10.1.28.31/uid=CO,ou=Operator,o=Organization"
conn=0 op=2 RESULT tag=103 err=10 text=

The Master configuration file is:

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
access to * by read
database bdb
suffix "o=Organization"
directory /home/giampaolorossi/OpenLDAP/Database
rootdn "uid=root,o=Organization,cn=digest-md5,cn=auth"
sasl-regexp
        uid=(.*),cn=LDAPMaster,cn=digest-md5,cn=auth
        uid=$1,ou=Operator,o=Organization
replogfile /home/giampaolorossi/OpenLDAP/Replication/slapd.replog
#
replica host=10.1.30.125:389
        binddn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth"
        bindmethod=sasl saslmech=digest-md5
        authcid=admin credentials=admin_PWD
#
index cn,sn,uid pres,eq
index objectClass eq
#index default none
#
access to *
        by selfwrite
        by dn.base="cn=admin, ou=Operator, o=Organization" write
        by dn.base="cn=admin, ou=Staff, o=Organization" write
        by * read

The Slave configuration file is similar (the access has the grant for the replicator) but has two new instructions:

updatedn "uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth"
updateref ldap://10.1.28.31

If I remove the updateref instruction I get a "referral missing" error. But adding this instruction I get a new error.

I need help. Does anybody know the problem?

Many thanks.

Giampaolo

_______________________________
Giampaolo Rossi
DATAMAT S.p.A.
Defence Space & Environment Division
Via Laurentina 760
00143 Rome (Italy)
Tel. +39 065027.2571
Fax. +39 065027.2125
mailto:giampaolo.rossi@datamat.it
http://www.datamat.it
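
An added example, not part of the original message: a slave slapd accepts writes only from the identity named in updatedn and answers any other writer with a referral to updateref, so this script lists each modify that got err=10 together with the DN the slave actually bound the connection as. The function names and the simplified DN comparison are assumptions of this example; the sample lines are copied from the output and configuration quoted above.

```python
import re

# Constructed sample: a few lines copied from the slave output and slave
# configuration quoted in the message above.
SLAVE_LOG = """\
conn=0 op=1 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
conn=0 op=1 BIND dn="uid=admin,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
conn=0 op=2 MOD dn="uid=CO,ou=Operator,o=Organization"
conn=0 op=2 RESULT tag=103 err=10 text=
"""
SLAVE_CONF = """\
updatedn "uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth"
updateref ldap://10.1.28.31
"""

LDAP_REFERRAL = 10     # LDAP result code 10 (referral)
MODIFY_RESPONSE = 103  # BER tag of an LDAP ModifyResponse

def norm_dn(dn):
    # Simplified comparison form (assumption): lower case, no spaces around commas.
    return ",".join(part.strip().lower() for part in dn.split(","))

def updatedn_from_conf(conf):
    # Pull the updatedn value out of a slapd.conf text, quoted or not.
    m = re.search(r'^\s*updatedn\s+"?([^"\n]+)"?', conf, re.M)
    return m.group(1).strip() if m else None

def referred_writes(log, conf):
    """List modifies answered with a referral, with the DN slapd bound them as."""
    updatedn = updatedn_from_conf(conf)
    bound, findings = {}, []
    for line in log.splitlines():
        # Completed binds carry mech=...; bind requests carry method=... instead.
        m = re.match(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=', line)
        if m:
            bound[m.group(1)] = m.group(2)
            continue
        m = re.match(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)', line)
        if m and (int(m.group(3)), int(m.group(4))) == (MODIFY_RESPONSE, LDAP_REFERRAL):
            dn = bound.get(m.group(1), "")
            findings.append({"conn": m.group(1), "op": m.group(2), "bound_dn": dn,
                "matches_updatedn": updatedn is not None and norm_dn(dn) == norm_dn(updatedn)})
    return findings

if __name__ == "__main__":
    for finding in referred_writes(SLAVE_LOG, SLAVE_CONF):
        print(finding)
```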