
I can not get Replication via digest-md5



Hi list,

I have two Linux PCs (RH Enterprise Edition) with OpenLDAP 2.1.29, one working
as Master and the other working as Slave. The database is Berkeley DB
4.1.25. The Cyrus-SASL version is 2.1.15.
My job is to get replication working, and it works well with the simple mechanism.
This is not true when I use the digest-md5 mechanism. The Slave authorizes
the request coming from slurpd but gets a strange error related to the
updateref instruction. The simple mechanism didn't require the updateref
instruction.

The modification request was performed (on the Master PC) using ldapmodify,
giving an LDIF file as input:

dn: uid=CO,ou=Operator,o=Organization
changetype: modify
replace: description
description: new-descrition

Only the Master database was modified.

The slapd error message on the Slave is:

[root@LDAPSlave etc]# /usr/local/libexec/slapd -d 260 -f sldap.conf
daemon_init: <null>
daemon: socket() failed errno=97 (Address family not supported by protocol)
bdb_initialize: Sleepycat Software: Berkeley DB 4.1.25: (August 21, 2003)
bdb_db_init: Initializing BDB database
bdb_db_open: o=Organization
slapd starting
conn=0 fd=10 ACCEPT from IP=10.1.28.31:32824 (IP=0.0.0.0:389)
connection_get(10)
conn=0 op=0 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
==> sasl_bind: dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" mech=DIGEST-MD5 datalen=265
connection_get(10)
conn=0 op=1 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
==> sasl_bind: dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" mech=<continuing> datalen=265
SASL Canonicalize [conn=0]: authcid="admin"
slap_sasl_getdn: id=admin [len=5]
SASL Canonicalize [conn=0]: authcDN="uid=admin,cn=digest-md5,cn=auth"
SASL Canonicalize [conn=0]: authzid="admin"
SASL Authorize [conn=0]: authcid="admin" authzid="admin"
conn=0 op=1 BIND authcid="admin"
conn=0 op=1 BIND dn="uid=admin,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
connection_get(10)
do_modify: dn (uid=CO,ou=Operator,o=Organization)
modifications:
        replace: description
                one value, length 35
        replace: entryCSN
                one value, length 31
        replace: modifiersName
                one value, length 31
        replace: modifyTimestamp
                one value, length 15
conn=0 op=2 MOD dn="uid=CO,ou=Operator,o=Organization"
conn=0 op=2 MOD attr=description entryCSN modifiersName modifyTimestamp
send_ldap_result: err=10 matched="" text=""
send_ldap_result: referral="ldap://10.1.28.31/uid=CO,ou=Operator,o=Organization";
send_ldap_response: ref="ldap://10.1.28.31/uid=CO,ou=Operator,o=Organization";
conn=0 op=2 RESULT tag=103 err=10 text=


The Master configuration file is:

include		/usr/local/etc/openldap/schema/core.schema
include		/usr/local/etc/openldap/schema/cosine.schema
include		/usr/local/etc/openldap/schema/inetorgperson.schema
access 	to * by read
database 	bdb
suffix 	"o=Organization"
directory 	/home/giampaolorossi/OpenLDAP/Database
rootdn 	"uid=root,o=Organization,cn=digest-md5,cn=auth"
sasl-regexp	uid=(.*),cn=LDAPMaster,cn=digest-md5,cn=auth
		uid=$1,ou=Operator,o=Organization
replogfile	/home/giampaolorossi/OpenLDAP/Replication/slapd.replog
#
replica	host=10.1.30.125:389
		binddn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth"
		bindmethod=sasl
		saslmech=digest-md5
		authcid=admin
		credentials=admin_PWD
#
index		cn,sn,uid 		pres,eq
index		objectClass 	eq
#index		default		none
#
access	to *
		by selfwrite
		by dn.base="cn=admin, ou=Operator, o=Organization" write
		by dn.base="cn=admin, ou=Staff, o=Organization" write
		by * read

The Slave configuration file is similar (the access has the grant for the
replicator) but has two new instructions:
updatedn "uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth"
updateref ldap://10.1.28.31

If I remove the updateref instruction I get a "referral missing" error.
But adding this instruction I get a new error.

I need help.

Does anybody know the problem?

Many thanks.

Giampaolo






_______________________________
Giampaolo Rossi
DATAMAT S.p.A.
Defence Space & Environment Division
Via Laurentina 760
00143   Rome  (Italy)
Tel.   +39 065027.2571
Fax.  +39 065027.2125
mailto:giampaolo.rossi@datamat.it
http://www.datamat.it
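
Added example, not part of the original message: a replica slapd accepts writes only from the identity named in updatedn and answers any other writer with the updateref referral (err=10), so this sketch reads the slave's statslog lines and reports which DN each referred modify was actually bound as. The log lines are copied from the output in the message with wrapped lines rejoined; the function names and the simplified DN comparison are assumptions of this example.

```python
import re

# Slave statslog lines from the message above (wrapped lines rejoined).
SLAVE_LOG = '''\
conn=0 fd=10 ACCEPT from IP=10.1.28.31:32824 (IP=0.0.0.0:389)
conn=0 op=0 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
conn=0 op=1 BIND dn="uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth" method=163
conn=0 op=1 BIND authcid="admin"
conn=0 op=1 BIND dn="uid=admin,cn=digest-md5,cn=auth" mech=DIGEST-MD5 ssf=128
conn=0 op=2 MOD dn="uid=CO,ou=Operator,o=Organization"
conn=0 op=2 RESULT tag=103 err=10 text=
'''
# updatedn value from the slave configuration quoted in the message.
UPDATEDN = "uid=replicator,ou=Staff,o=Organization,cn=digest-md5,cn=auth"

# Only the line carrying mech= records the DN the SASL bind resolved to;
# the earlier "method=163" lines show the DN the client merely requested.
BOUND = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" mech=')
MOD = re.compile(r'conn=(\d+) op=(\d+) MOD dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=103 err=(\d+)')

def norm_dn(dn):
    """Simplified comparison key (assumption: no escaped commas in the DN)."""
    rdns = (rdn.split("=", 1) for rdn in dn.split(","))
    return ",".join("=".join(p.strip() for p in rdn) for rdn in rdns).lower()

def referred_updates(log, updatedn):
    """Return one finding per modify that the replica answered with a referral."""
    bound, mods, findings = {}, {}, []
    for line in log.splitlines():
        if m := BOUND.search(line):
            bound[m[1]] = m[2]                  # identity now attached to this conn
        elif m := MOD.search(line):
            mods[(m[1], m[2])] = m[3]           # remember the target entry per op
        elif (m := RESULT.search(line)) and m[3] == "10":   # 10 = LDAP referral
            who = bound.get(m[1], "")           # empty string means anonymous
            findings.append({"conn": m[1], "target": mods.get((m[1], m[2])),
                             "bound_dn": who,
                             "is_updatedn": norm_dn(who) == norm_dn(updatedn)})
    return findings

if __name__ == "__main__":
    for finding in referred_updates(SLAVE_LOG, UPDATEDN):
        print(finding)
```
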

 

