
Problem doing add/update/delete using LDAP referral



Hi,

I got the master-side replication working. What I want next is to be able to send an update request to the slave LDAP, which should use the referral for modifying the LDAP database, but it doesn't work.

Thanks for any help!


Master: openldap.80prozent.net
Slave: openldapslave.80prozent.net

If I try the following commands on the slave, they don't work.

ldapadd -h localhost -x -D 'cn=ldaproot,ou=security,dc=80prozent,dc=net' -W -f ldap.ldif

ldapadd -h localhost -Y gssapi -f ldap.ldif

Error:
adding new entry "cn=Test,ou=it,dc=80prozent,dc=net"
ldap_add: Referral (10)
      referrals:
        ldap://openldap.80prozent.net:389/cn=Test,ou=it,dc=80prozent,dc=net


Relevant output from /var/log/messages:

First command:

openldapslave slapd[20625]: conn=54 fd=13 ACCEPT from IP=127.0.0.1:36309 (IP=0.0.0.0:389)
openldapslave slapd[20625]: conn=54 op=0 BIND dn="cn=ldaproot,ou=security,dc=80prozent,dc=net" method=128
openldapslave slapd[20625]: conn=54 op=0 BIND dn="cn=ldaproot,ou=security,dc=80prozent,dc=net" mech=SIMPLE ssf=0
openldapslave slapd[20625]: conn=54 op=0 RESULT tag=97 err=0 text=
openldapslave slapd[20625]: conn=54 op=1 ADD dn="cn=Test,ou=it,dc=80prozent,dc=net"
openldapslave slapd[20625]: conn=54 op=1 RESULT tag=105 err=10 text=
openldapslave slapd[20625]: conn=54 op=2 UNBIND
openldapslave slapd[20625]: conn=54 fd=13 closed


Second command:

Jan 12 12:18:21 openldapslave slapd[20625]: conn=53 fd=13 ACCEPT from IP=127.0.0.1:36308 (IP=0.0.0.0:389)
Jan 12 12:18:21 openldapslave slapd[20625]: conn=53 op=0 BIND dn="" method=163
Jan 12 12:18:21 openldapslave slapd[20625]: connection_input: conn=53 deferring operation: binding
openldapslave slapd[20625]: conn=53 op=1 BIND dn="" method=163
openldapslave slapd[20625]: conn=53 op=2 BIND dn="" method=163
openldapslave slapd[20625]: SASL [conn=53] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
openldapslave slapd[20625]: conn=53 op=2 BIND authcid="fpre"
openldapslave slapd[20625]: conn=53 op=2 BIND dn="uid=fpre,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
openldapslave slapd[20625]: conn=53 op=3 ADD dn="cn=Test,ou=it,dc=80prozent,dc=net"
openldapslave slapd[20625]: conn=53 op=3 RESULT tag=105 err=10 text=
openldapslave slapd[20625]: conn=53 op=4 UNBIND
openldapslave slapd[20625]: conn=53 fd=13 closed



Here are my LDAP configs (not yet a production system).

--Master slapd.conf--

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/krb5-kdc.schema

pidfile		/var/run/slapd/slapd.pid
argsfile	/var/run/slapd/slapd.args

modulepath	/usr/lib/openldap/modules

# SSL/TLS configuration
TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA
TLSCACertificateFile /etc/openldap/cert/serverca_public.cert
TLSCertificateFile /etc/openldap/cert/openldap.80prozent.net.cert 
TLSCertificateKeyFile /etc/openldap/cert/openldap.80prozent.net.key
TLSVerifyClient never

# SASL configuration
sasl-host	openldap.80prozent.net
sasl-realm	80PROZENT.NET
#sasl-secprops	noanonymous,noplain,noactive
#sasl-regexp	uid=(.*),cn=80prozent.net,cn=gssapi,cn=auth
#		uid=$1,cn=gssapi,cn=auth

security	ssf=56

require bind

disallow bind_simple
disallow bind_anon
#disallow bind_krbv4
#disallow bind_anon_dn
#disallow bind_v2
#disallow bind_anon_dn
#disallow bind_anon_cred

#######################################################################
# bdb database definitions					      #
#######################################################################

database	bdb
checkpoint      1024    5
cachesize       10000
suffix		"dc=80prozent,dc=net"

#rootdn          "uid=ldapadmin,cn=80prozent.net,cn=gssapi,cn=auth"
rootdn		"uid=admin,dc=80prozent,dc=net"
rootpw		{SSHA}aOvwuYA98jDqX+WzIRfPYHW39+a2H9eg

directory	/var/lib/ldap

index		objectClass	eq
index		cn,uid,uidNumber	eq

# Specify the location of the file to append changes to.
replogfile	/var/lib/slurpd/slapd.replog

replica		host=openldapslave.80prozent.net:389
		suffix="dc=80prozent,dc=net"
		binddn="cn=Replicator,ou=security,dc=80prozent,dc=net"
		credentials=secret
		bindmethod=simple
		tls=yes



--Slave slapd.conf--

include		/etc/openldap/schema/core.schema
include		/etc/openldap/schema/cosine.schema
include		/etc/openldap/schema/nis.schema
include		/etc/openldap/schema/inetorgperson.schema
include		/etc/openldap/schema/krb5-kdc.schema

pidfile		/var/run/slapd/slapd.pid
argsfile	/var/run/slapd/slapd.args

modulepath	/usr/lib/openldap/modules

# SSL/TLS configuration
#TLSCipherSuite HIGH:MEDIUM:+SSLv3:RSA
#TLSCACertificateFile /etc/openldap/cert/serverca_public.cert 
#TLSCertificateFile /etc/openldap/cert/openldapslave.80prozent.net.sign
#TLSCertificateKeyFile /etc/openldap/cert/openldapslave.80prozent.net.key
#TLSVerifyClient never #never, since no client certificates are used.


# ACLs
access to *
	by dn="cn=Replicator,ou=security,dc=80prozent,dc=net" write
	by * read

# SASL configuration
#sasl-host	openldap.80prozent.net
#sasl-realm	80PROZENT.NET
#sasl-secprops	noanonymous   #,noplain,noactive
#sasl-regexp	uid=(.*),cn=80prozent.net,cn=gssapi,cn=auth 
#		uid=$1,ou=it,dc=80prozent,dc=net

#security	ssf=56

#require bind

#disallow bind_simple
#disallow bind_anon
#disallow bind_krbv4
#disallow bind_anon_dn
#disallow bind_v2
#disallow bind_anon_dn
#disallow bind_anon_cred

#######################################################################
# bdb database definitions					      #
#######################################################################

database	bdb
checkpoint      1024    5
cachesize       10000
suffix		"dc=80prozent,dc=net"

rootdn         "cn=ldaproot,ou=security,dc=80prozent,dc=net"
#rootpw		{SSHA}I5IbshR0/ScrH5HpDwd3iAOyMHYz0Jxp #secret with slappasswd

directory	/var/lib/ldap

# Indices to maintain
index		objectClass	eq
index		cn,uid,uidNumber	eq

updatedn	"cn=Replicator,ou=security,dc=80prozent,dc=net"
updateref       ldap://openldap.80prozent.net:389

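The slave's `err=10` answers above are what a slapd configured with `updateref` returns for a write: LDAP result code 10 is "referral", and the client is expected to repeat the ADD against the URL in the referral after binding there. Whether that repeat can succeed depends on the master's bind policy, which in the posted master slapd.conf is `security ssf=56` plus `disallow bind_simple`. The following script is an added example, not code from the original post or from the OpenLDAP project: it parses slapd stats-log lines like the ones quoted (a constructed sample is embedded, with the wrapped lines rejoined), groups operations by connection, reports every write that was answered with a referral together with the bind mechanism and ssf the client had established, and checks that bind against a master policy whose defaults (`master_min_ssf=56`, `master_allows_simple=False`) are assumptions taken from the posted config. It also surfaces the `SASL ... Error` line seen on the GSSAPI connection so it is not overlooked when reading the logs.

```python
import re
from collections import defaultdict

# Constructed sample log lines, modelled on the slapd output quoted in the post.
# They are not copied from a live system; wrapped lines were rejoined.
SAMPLE_LOG = """\
openldapslave slapd[20625]: conn=54 fd=13 ACCEPT from IP=127.0.0.1:36309 (IP=0.0.0.0:389)
openldapslave slapd[20625]: conn=54 op=0 BIND dn="cn=ldaproot,ou=security,dc=80prozent,dc=net" method=128
openldapslave slapd[20625]: conn=54 op=0 BIND dn="cn=ldaproot,ou=security,dc=80prozent,dc=net" mech=SIMPLE ssf=0
openldapslave slapd[20625]: conn=54 op=0 RESULT tag=97 err=0 text=
openldapslave slapd[20625]: conn=54 op=1 ADD dn="cn=Test,ou=it,dc=80prozent,dc=net"
openldapslave slapd[20625]: conn=54 op=1 RESULT tag=105 err=10 text=
openldapslave slapd[20625]: conn=54 op=2 UNBIND
Jan 12 12:18:21 openldapslave slapd[20625]: conn=53 fd=13 ACCEPT from IP=127.0.0.1:36308 (IP=0.0.0.0:389)
Jan 12 12:18:21 openldapslave slapd[20625]: conn=53 op=0 BIND dn="" method=163
openldapslave slapd[20625]: conn=53 op=2 BIND dn="" method=163
openldapslave slapd[20625]: SASL [conn=53] Error: unable to open Berkeley db /etc/sasldb2: No such file or directory
openldapslave slapd[20625]: conn=53 op=2 BIND authcid="fpre"
openldapslave slapd[20625]: conn=53 op=2 BIND dn="uid=fpre,cn=gssapi,cn=auth" mech=GSSAPI ssf=56
openldapslave slapd[20625]: conn=53 op=3 ADD dn="cn=Test,ou=it,dc=80prozent,dc=net"
openldapslave slapd[20625]: conn=53 op=3 RESULT tag=105 err=10 text=
openldapslave slapd[20625]: conn=53 op=4 UNBIND
"""

OP_RE = re.compile(r'conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>[A-Z]+)(?P<rest>.*)')
SASL_ERR_RE = re.compile(r'SASL \[conn=(?P<conn>\d+)\] Error: (?P<msg>.*)')
DN_RE = re.compile(r'dn="(?P<dn>[^"]*)"')
MECH_RE = re.compile(r'mech=(?P<mech>\S+)')
SSF_RE = re.compile(r'ssf=(?P<ssf>\d+)')
ERR_RE = re.compile(r'err=(?P<err>\d+)')

LDAP_REFERRAL = 10                            # LDAP result code "referral"
WRITE_OPS = {"ADD", "MOD", "MODRDN", "DEL"}   # write operations as slapd logs them


def parse_slapd_log(text):
    """Group slapd stats-log lines by connection: bind identity, operations, SASL errors."""
    conns = defaultdict(lambda: {"bind": None, "ops": {}, "sasl_errors": []})
    for line in text.splitlines():
        m = SASL_ERR_RE.search(line)
        if m:
            conns[m["conn"]]["sasl_errors"].append(m["msg"].strip())
            continue
        m = OP_RE.search(line)
        if not m:
            continue  # ACCEPT/closed/deferring lines carry no op= field
        c = conns[m["conn"]]
        entry = c["ops"].setdefault(int(m["op"]), {"kind": None, "dn": "", "err": None})
        kind, rest = m["kind"], m["rest"]
        if kind == "RESULT":
            err = ERR_RE.search(rest)
            if err:
                entry["err"] = int(err["err"])
            continue
        entry["kind"] = kind
        dn = DN_RE.search(rest)
        if dn:
            entry["dn"] = dn["dn"]
        if kind == "BIND":
            mech = MECH_RE.search(rest)
            if mech:  # slapd logs mechanism and ssf on the final BIND line of the exchange
                ssf = SSF_RE.search(rest)
                c["bind"] = {"dn": entry["dn"], "mech": mech["mech"],
                             "ssf": int(ssf["ssf"]) if ssf else 0}
    return conns


def find_referred_writes(text):
    """Write operations answered with err=10, with the bind the client had established."""
    findings = []
    for conn, info in parse_slapd_log(text).items():
        bind = info["bind"] or {"dn": "", "mech": "anonymous", "ssf": 0}
        for op in sorted(info["ops"]):
            entry = info["ops"][op]
            if entry["kind"] in WRITE_OPS and entry["err"] == LDAP_REFERRAL:
                findings.append({"conn": conn, "op": op, "kind": entry["kind"], "dn": entry["dn"],
                                 "bound_as": bind["dn"], "mech": bind["mech"], "ssf": bind["ssf"],
                                 "sasl_errors": list(info["sasl_errors"])})
    return findings


def referral_chase_viable(finding, master_min_ssf=56, master_allows_simple=False):
    """Would repeating the write at the master with the same bind pass the master's policy?
    Defaults are assumptions mirroring the posted master slapd.conf (security ssf=56,
    disallow bind_simple), not values read from a server."""
    if finding["mech"] == "SIMPLE" and not master_allows_simple:
        return False, "master disallows simple binds (disallow bind_simple)"
    if finding["ssf"] < master_min_ssf:
        return False, f"session ssf={finding['ssf']} is below the master's required ssf={master_min_ssf}"
    return True, "bind mechanism and ssf satisfy the master's policy"


if __name__ == "__main__":
    for f in find_referred_writes(SAMPLE_LOG):
        ok, why = referral_chase_viable(f)
        print(f"conn={f['conn']} op={f['op']} {f['kind']} {f['dn']!r} referred; bound as "
              f"{f['bound_as'] or '<anonymous>'} mech={f['mech']} ssf={f['ssf']}; "
              f"chase at master {'possible' if ok else 'would fail'}: {why}")
        for err in f["sasl_errors"]:
            print(f"    SASL error on this connection: {err}")
```

Run it as a plain script to see the two referred ADDs: the simple bind on conn=54 (ssf=0) could not be replayed at a master that disallows simple binds, while the GSSAPI bind on conn=53 already meets ssf=56. To use it on real logs, feed the contents of /var/log/messages to `find_referred_writes` and set the two policy parameters from the master's actual `security` and `disallow` lines.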