
Problem concerning LDAP replication with slurpd



Hello,

I have a problem regarding LDAP replication with slurpd. All the updates I make end up in the reject file with no error message. I use openldap 2.1.29-1.

Here is what debug mode gives:
# /usr/sbin/slurpd -d 4 -f /etc/openldap/slapd.conf -r /var/lib/ldap/openldap-master-replog


@(#) $OpenLDAP: slurpd 2.1.29 (Apr 14 2004 14:57:16) $
root@tweety.devel.redhat.com:/usr/src/build/387567-i386/BUILD/openldap-2.1.29/build-servers/servers/slurpd


begin replication thread for slaveldap.mondomaine.fr:389
Initializing session to ldap://slaveldap.mondomaine.fr:389
request 1 done
bind to slaveldap.mondomaine.fr as ldap_repl/masterldap.mondomaine.fr@MONDOMAINE.FR via GSSAPI (SASL)
request 2 done
request 3 done
request 4 done
replica slaveldap.mondomaine.fr:389 - modify dn "uid=cedric,ou=people,dc=mondomaine,dc=fr"
Error: ldap_modify_s failed modifying "": uid=cedric,ou=people,dc=mondomaine,dc=fr
Error: ldap operation failed, data written to "/var/lib/ldap/replica/slaveldap.mondomaine.fr:389.rej"


It seems like the bind to the slave via SASL is OK; the ticket for the replication service (ldap_repl) is not expired.

Here is what I have in the replication part of the slapd.conf for the master:
[...]
replogfile /var/lib/ldap/openldap-master-replog
replica uri=ldap://slaveldap.mondomaine.fr:389
        tls=critical
        bindmethod=sasl saslmech=GSSAPI
        binddn="ldap_repl/masterldap.mondomaine.fr@MONDOMAINE.FR"
----------------------------------------------
and for the slave:
[...]
updatedn "uid=ldap_repl/masterldap.mondomaine.fr@MONDOMAINE.FR"
updateref ldaps://masterldap.mondomaine.fr/
----------------------------------------------
The ACLs I have on the master and the slave are identical:
access to *
        by dn="uid=ldap_repl/masterldap.mondomaine.fr@MONDOMAINE.FR" write
        by dn="uid=[^/]+/admin@MONDOMAINE.FR" write
        by * read


Thanks for your help
Cédric