[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: replica uri don't allow uri (Was: slurpd questions)
--On Thursday, January 06, 2005 10:40 AM +0100 Turbo Fredriksson
<turbo@bayour.com> wrote:
Quoting Quanah Gibson-Mount <quanah@stanford.edu>:
Standards, Environments, and Macros SLAPD.CONF(5)
replica
uri=ldap[s]://<hostname>[:port]|host=<hostname>[:port]
Since it states 'uri=...', then i though that 'ldapi' would be allowed
but it don't seem to work. Neither do 'ldaps'...
It specifically states the ldap and ldaps URI. I believe slurpd predates
ldapi. If it supported ldapi, I'm sure it would say:
uri=ldap[is]://.......
If you are going to do ldaps:// you likely need to specify the port:
ldaps://<hostname>:636
The 'replog' file get's truncated, the 'slurpd.replog' increases (with
the content of 'replog' but no replication takes place...
----- s n i p -----
# -- Primary LDAP server
replica uri=ldapi://%2fvar%2frun%2fslapd%2fldapi
suffix=c=SE
bindmethod=sasl
saslmech=GSSAPI
realm=BAYOUR.COM
authcId=replicator
replogfile /var/lib/ldap.backup/replog
----- s n i p -----
I've also tried 'uri=ldaps://ldap1.domain.tld' which don't seem to
work either...
Ok, so the man page don't say anything about 'ldapi', but it DOES
state that 'ldaps' should work (which it don't for me). Using the
'ldaps' uri from the CLI works perfectly, as does the TLS version
('-ZZ -H ldap://ldap1.domain.tld')...
Of course, you could just use
ldap://<host>
and then use the starttls command for the replica statement to turn on TLS,
and skip ldaps:// altogether.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin