Problem doing add/update/delete using LDAP referral
Hi,
I got the master-side replication working. What I want next is to be able
to send an update request to the slave LDAP server, which uses the referral
to modify the LDAP database, but it doesn't work.
THX for any help!!!
Master: openldap.80prozent.net
Slave: openldapslave.80prozent.net
If I run the following commands on the slave, they fail:
ldapadd -h localhost -x -D 'cn=ldaproot,ou=security,dc=80prozent,dc=net' -W
-f ldap.ldif
ldapadd -h localhost -Y gssapi -f ldap.ldif
Error:
adding new entry "cn=Test,ou=it,dc=80prozent,dc=net"
ldap_add: Referral (10)
referrals:
ldap://openldap.80prozent.net:389/cn=Test,ou=it,dc=80prozent,dc=net
Result of /var/log/messages
First command:
openldapslave slapd[20625]: conn=54 fd=13 ACCEPT from IP=127.0.0.1:36309
(IP=0.0.0.0:389)
openldapslave slapd[20625]: conn=54 op=0 BIND
dn="cn=ldaproot,ou=security,dc=80prozent,dc=net" method=128
openldapslave slapd[20625]: conn=54 op=0 BIND
dn="cn=ldaproot,ou=security,dc=80prozent,dc=net" mech=SIMPLE ssf=0
openldapslave slapd[20625]: conn=54 op=0 RESULT tag=97 err=0 text=
openldapslave slapd[20625]: conn=54 op=1 ADD
dn="cn=Test,ou=it,dc=80prozent,dc=net"
openldapslave slapd[20625]: conn=54 op=1 RESULT tag=105 err=10 text=
openldapslave slapd[20625]: conn=54 op=2 UNBIND
openldapslave slapd[20625]: conn=54 fd=13 closed
Second command:
Jan 12 12:18:21 openldapslave slapd[20625]: conn=53 fd=13 ACCEPT from
IP=127.0.0.1:36308 (IP=0.0.0.0:389)
Jan 12 12:18:21 openldapslave slapd[20625]: conn=53 op=0 BIND dn=""
method=163
Jan 12 12:18:21 openldapslave slapd[20625]: connection_input: conn=53
deferring operation: binding
openldapslave slapd[20625]: conn=53 op=1 BIND dn="" method=163
openldapslave slapd[20625]: conn=53 op=2 BIND dn="" method=163
openldapslave slapd[20625]: SASL [conn=53] Error: unable to open Berkeley db
/etc/sasldb2: No such file or directory
openldapslave slapd[20625]: conn=53 op=2 BIND authcid="fpre"
openldapslave slapd[20625]: conn=53 op=2 BIND
dn="uid=fpre,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
openldapslave slapd[20625]: conn=53 op=3 ADD
dn="cn=Test,ou=it,dc=80prozent,dc=net"
openldapslave slapd[20625]: conn=53 op=3 RESULT tag=105 err=10 text=
openldapslave slapd[20625]: conn=53 op=4 UNBIND
openldapslave slapd[20625]: conn=53 fd=13 closed
Here are my LDAP configs (not yet a production system).
--Master slapd.conf--
# Master slapd.conf as posted: global settings (schemas, TLS, SASL, bind
# restrictions), one bdb database for dc=80prozent,dc=net, and a slurpd
# "replica" stanza that pushes changes to the slave.
# NOTE(review): the list archive appears to have stripped leading whitespace.
# In a real slapd.conf, continuation lines (the sasl-regexp replacement, the
# arguments of "replica") must begin with whitespace.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/krb5-kdc.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
# SSL/TLS configuration
# NOTE(review): besides HIGH, this string also admits MEDIUM-strength suites
# and whatever the bare RSA keyword matches. Consider restricting it to HIGH
# and checking the resulting list with `openssl ciphers -v`.
TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA
TLSCACertificateFile /etc/openldap/cert/serverca_public.cert
TLSCertificateFile /etc/openldap/cert/openldap.80prozent.net.cert
# The private key file should be readable only by the account slapd runs as.
TLSCertificateKeyFile /etc/openldap/cert/openldap.80prozent.net.key
# The server does not ask clients for a certificate; clients are
# authenticated by their bind only.
TLSVerifyClient never
# SASL configuration
sasl-host openldap.80prozent.net
sasl-realm 80PROZENT.NET
#sasl-secprops noanonymous,noplain,noactive
#sasl-regexp uid=(.*),cn=80prozent.net,cn=gssapi,cn=auth
# uid=$1,cn=gssapi,cn=auth
# Require a security strength factor of at least 56 on every connection.
# NOTE(review): 56 corresponds to DES-grade protection; raise it if all
# clients can negotiate more.
security ssf=56
# Clients must bind before any other operation, and simple and anonymous
# binds are refused. A client that follows the slave's referral to this
# server therefore cannot authenticate with a simple bind (ldapadd -x);
# it presumably needs SASL, as in the GSSAPI example above -- confirm.
require bind
disallow bind_simple
disallow bind_anon
#disallow bind_krbv4
#disallow bind_anon_dn
#disallow bind_v2
#disallow bind_anon_dn
#disallow bind_anon_cred
#######################################################################
# bdb database definitions #
#######################################################################
database bdb
checkpoint 1024 5
cachesize 10000
suffix "dc=80prozent,dc=net"
#rootdn "uid=ldapadmin,cn=80prozent.net,cn=gssapi,cn=auth"
rootdn "uid=admin,dc=80prozent,dc=net"
# NOTE(review): this salted SHA-1 hash is now in a public list archive and
# can be guessed offline; treat the root password as exposed and replace it.
rootpw {SSHA}aOvwuYA98jDqX+WzIRfPYHW39+a2H9eg
directory /var/lib/ldap
index objectClass eq
index cn,uid,uidNumber eq
# Specify the location of the file to append changes to.
replogfile /var/lib/slurpd/slapd.replog
# slurpd pushes changes to the slave as cn=Replicator with a simple bind.
# NOTE(review): the bind password is stored here in cleartext, so this file
# must not be world-readable. tls=yes asks for StartTLS, but the slave config
# posted below has all TLS directives commented out, so the password
# presumably crosses the network unprotected -- verify, and prefer
# tls=critical once the slave has TLS enabled.
replica host=openldapslave.80prozent.net:389
suffix="dc=80prozent,dc=net"
binddn="cn=Replicator,ou=security,dc=80prozent,dc=net"
credentials=secret
bindmethod=simple
tls=yes
--Slave slapd.conf--
# Slave slapd.conf as posted: same schemas as the master, TLS and all bind
# restrictions commented out, one bdb replica of dc=80prozent,dc=net that
# accepts writes only from the Replicator DN and refers other writers to
# the master.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/krb5-kdc.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
modulepath /usr/lib/openldap/modules
# SSL/TLS configuration
# NOTE(review): every TLS directive is commented out, so this server offers
# no TLS. Binds and replication traffic to it are unprotected unless a SASL
# security layer is negotiated.
#TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA
#TLSCACertificateFile /etc/openldap/cert/serverca_public.cert
#TLSCertificateFile /etc/openldap/cert/openldapslave.80prozent.net.sign
#TLSCertificateKeyFile /etc/openldap/cert/openldapslave.80prozent.net.key
#TLSVerifyClient never #never, because no client certificates are used.
# ACLs
# The Replicator DN may write everything; every other client, including
# anonymous ones, may read every attribute.
# NOTE(review): "by * read" also exposes userPassword (and any Kerberos key
# attributes, if they are stored in this directory). A stricter rule for
# those attributes should be placed before this catch-all rule.
access to *
by dn="cn=Replicator,ou=security,dc=80prozent,dc=net" write
by * read
# SASL configuration
# NOTE(review): all bind restrictions below are commented out, so this server
# accepts simple binds without any protection (the first log excerpt above
# shows mech=SIMPLE ssf=0 succeeding).
#sasl-host openldap.80prozent.net
#sasl-realm 80PROZENT.NET
#sasl-secprops noanonymous #,noplain,noactive
#sasl-regexp uid=(.*),cn=80prozent.net,cn=gssapi,cn=auth
# uid=$1,ou=it,dc=80prozent,dc=net
#security ssf=56
#require bind
#disallow bind_simple
#disallow bind_anon
#disallow bind_krbv4
#disallow bind_anon_dn
#disallow bind_v2
#disallow bind_anon_dn
#disallow bind_anon_cred
#######################################################################
# bdb database definitions #
#######################################################################
database bdb
checkpoint 1024 5
cachesize 10000
suffix "dc=80prozent,dc=net"
rootdn "cn=ldaproot,ou=security,dc=80prozent,dc=net"
# NOTE(review): the remark on the next line hints at the plaintext behind the
# hash; with both in a public archive, this password must not be reused.
#rootpw {SSHA}I5IbshR0/ScrH5HpDwd3iAOyMHYz0Jxp #secret with slappasswd
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
index cn,uid,uidNumber eq
# Only updatedn may modify this replica. Any other update request is answered
# with the updateref referral (result code 10 in the output above). slapd
# does not forward the write itself, so the client has to follow the referral
# and authenticate to the master on its own.
# NOTE(review): the referral is a plain ldap:// URL on port 389. The master
# demands ssf=56, so the client presumably needs StartTLS or a SASL security
# layer there -- confirm.
updatedn "cn=Replicator,ou=security,dc=80prozent,dc=net"
updateref ldap://openldap.80prozent.net:389