[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slave SASL Cannonicalize always returns root?

To: johnh@primebuchholz.com, openldap-software@OpenLDAP.org
Subject: Re: Slave SASL Cannonicalize always returns root?
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Wed, 16 Feb 2005 08:18:05 -0800
Content-disposition: inline
In-reply-to: <OFAF7DA6D3.6B43644B-ON85256FAA.004ECD04-85256FAA.004FF5EF@primebuchholz.com>
References: <OFAF7DA6D3.6B43644B-ON85256FAA.004ECD04-85256FAA.004FF5EF@prime buchholz.com>

--On Wednesday, February 16, 2005 9:39 AM -0500 johnh@primebuchholz.com wrote:

Greetings,

I've been working on this particular problem for a week now, and can't
seem to find a resolution in the list archives/docs/faq, or through a
great deal of testing and experimentation.

I have two openldap 2.2.13 servers.  For authentication, I'm using MIT
Kerberos/Cyrus SASL GSSAPI.  All LDAP connections are TLS.

Binding to the master or slave works fine.

The problem is that when slurpd tries to send changes to the slave, the
slave always returns a referral.  Here's the relevant sections from my
slapd.conf:

The problem to me appears to be that you don't have a K5 ticket for replicator@mydomain.com, which is why when it binds the authcid is "root" and not "repliactor@mydomain.com".

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin

Follow-Ups:
- Re: Slave SASL Cannonicalize always returns root?
  - From: johnh@primebuchholz.com

References:
- Slave SASL Cannonicalize always returns root?
  - From: johnh@primebuchholz.com

Prev by Date: TLS error
Next by Date: Re: slapdd - not enough space
Index(es):
- Chronological
- Thread