
Problem with replication



I am having a problem with replication: on my master server the update
occurs, but when slurpd passes the change/modification to the slave, the
slave responds in the log that no user modification is allowed.
-- Snip
Oct 12 12:22:14 anuket slapd[8094]: conn=5 fd=8 ACCEPT from IP=[IP Removed]:32803 (IP=0.0.0.0:389)
Oct 12 12:22:14 anuket slapd[8094]: conn=5 op=0 BIND dn="cn=Replicator,dc=MyDomain,dc=LDAP" method=128
Oct 12 12:22:14 anuket slapd[8094]: conn=5 op=0 BIND dn="cn=Replicator,dc=MyDomain,dc=LDAP" mech=SIMPLE ssf=0
Oct 12 12:22:14 anuket slapd[8094]: conn=5 op=0 RESULT tag=97 err=0 text=
Oct 12 12:22:14 anuket slapd[8094]: conn=5 op=1 MOD dn="uid=meaje,ou=People,dc=MyDomain,dc=LDAP"
Oct 12 12:22:14 anuket slapd[8094]: conn=5 op=1 MOD attr=userPassword userPassword entryCSN modifiersName modifyTimestamp
Oct 12 12:22:14 anuket slapd[8094]: conn=5 op=1 RESULT tag=103 err=19 text=entryCSN: no user modification allowed
Snap --
I can authenticate on the slave as the replication user and make
modifications without going to the master, but when I come from the
master I get the error listed above.  On the slave I have the following
ACLs in place:
-- Snip
[root@anuket openldap]# cat slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# loglevel 15 # heavy debugging
loglevel 768

include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema

# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/slapd.pid
argsfile        /var/run/slapd.args

# Load dynamic backend modules:
# modulepath    /usr/sbin/openldap
# moduleload    back_bdb.la
# moduleload    back_ldap.la
# moduleload    back_ldbm.la
# moduleload    back_passwd.la
# moduleload    back_shell.la

# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database ldbm
directory /var/lib/ldap/MeansPC
suffix "dc=MyDomain,dc=LDAP"
rootdn "cn=Manager,dc=MyDomain,dc=LDAP"
rootpw [removed]

# replication directives 389 | 636
# replogfile /var/log/openldap/slapd.replog
# replica uri=ldap://anuket.meanspc.com:389
#    binddn="cn=Replicator,dc=MyDomain,dc=LDAP"
#    bindmethod=simple credentials=[removed]

# indexed attribute definitions
index cn,sn                     pres,eq,sub
index objectClass               eq,pres
index uid,uidNumber,gidNumber   eq,pres
index mailLocalAddress          eq,pres
cachesize     10000
dbcachesize   1000000

# database access control definitions
access to attr=entryCSN
    by self                                             write
    by dn.base="cn=Replicator,dc=MyDomain,dc=LDAP"        write
    by dn.base="cn=root,ou=People,dc=MyDomain,dc=LDAP"    write
    by dn.base="cn=Manager,dc=MyDomain,dc=LDAP"           write
    by anonymous                                        auth
    by *                                                none
access to attr=userPassword
    by self                                             write
    by dn.base="cn=Replicator,dc=MyDomain,dc=LDAP"        write
    by dn.base="cn=root,ou=People,dc=MyDomain,dc=LDAP"    write
    by dn.base="cn=Manager,dc=MyDomain,dc=LDAP"           write
    by anonymous                                        auth
    by *                                                none
access to *
    by self                                             write
    by dn.base="cn=Replicator,dc=MyDomain,dc=LDAP"        write
    by dn.base="cn=root,ou=People,dc=MyDomain,dc=LDAP"    write
    by dn.base="cn=Manager,dc=MyDomain,dc=LDAP"           write
    by *                                                read
Snap --
I am using an LDBM backend on the slave while the master is BDB, if that
could be causing this...

Thanks for any help in advance.
-- 

Jeffrey D. Means                                   meaje@meanspc.com
Owner / CIO for MeansPC                       http://www.meanspc.com/
Custom Web Development For Your Needs.                 (970)308-1298

- Everything in moderation including moderation. - Unknown

My Public PGP Key ID is: 0x81F00126
and available via:  
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x81F00126

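Editor's note on the failure above (added here; not part of the original post). In the slave log, tag=103 is the modifyResponse and err=19 is constraintViolation. entryCSN, modifiersName and modifyTimestamp are operational attributes flagged NO-USER-MODIFICATION in the schema, and slapd rejects any client that tries to write them before access control is ever consulted, which is why adding the Replicator DN to the entryCSN ACL changes nothing. slapd waives that schema check only for the DN named by the slave database's `updatedn` directive, and the posted slave slapd.conf has no `updatedn`, so the bind from slurpd is treated as an ordinary client. Binding as Replicator and modifying the slave by hand works because a normal client never sends entryCSN. The ldbm/bdb mismatch between slave and master is not what produces this error. The fragment below is an added example of the slave's database section with the missing directives; the hostname `master.meanspc.com` in `updateref` is an assumption, and the final ACL is tightened from the post's `by * read` to authenticated-read only, which will break any client that currently searches anonymously, so keep `by * read` if that is relied on.

```conf
# Added example (not the original poster's file): slave-side database
# section of slapd.conf for slurpd-fed replication. DNs and the directory
# path are taken from the post; master.meanspc.com is an assumed hostname.

database        ldbm
directory       /var/lib/ldap/MeansPC
suffix          "dc=MyDomain,dc=LDAP"
rootdn          "cn=Manager,dc=MyDomain,dc=LDAP"
rootpw          [removed]

# The DN slurpd binds as on this replica. Modifications from this DN are
# treated as replication updates, so slapd accepts the NO-USER-MODIFICATION
# attributes (entryCSN, modifiersName, modifyTimestamp) that the master
# ships with every change. Must equal binddn in the master's replica line.
# Keep it distinct from rootdn; it is still subject to the ACLs below.
updatedn        "cn=Replicator,dc=MyDomain,dc=LDAP"

# Clients that try to write to the slave directly are referred here, so
# only the master ever accepts user writes. Assumed hostname.
updateref       ldap://master.meanspc.com:389

# Optional hardening: the log shows mech=SIMPLE ssf=0, i.e. the Replicator
# password and the replicated userPassword hashes cross the wire in the
# clear. Requiring an SSF for updates forces slurpd onto TLS; the master's
# replica directive must then use uri=ldaps://anuket.meanspc.com:636 or
# tls=critical, or replication stops with a confidentialityRequired error.
# security        update_ssf=112

# ACLs. No separate entryCSN rule is needed: the updatedn bypasses the
# schema check, and "access to *" below already grants it write. rootdn
# (cn=Manager) bypasses ACLs entirely and need not be listed.
access to attrs=userPassword
    by self                                             write
    by dn.exact="cn=Replicator,dc=MyDomain,dc=LDAP"     write
    by dn.exact="cn=root,ou=People,dc=MyDomain,dc=LDAP" write
    by anonymous                                        auth
    by *                                                none
access to *
    by self                                             write
    by dn.exact="cn=Replicator,dc=MyDomain,dc=LDAP"     write
    by dn.exact="cn=root,ou=People,dc=MyDomain,dc=LDAP" write
    by users                                            read
    by anonymous                                        auth
```

After restarting the slave slapd, repeat the password change on the master and check the slave log for the same MOD with `err=0`; if slurpd already gave up on the earlier change, it sits in the reject (`.rej`) file slurpd keeps for that replica and must be replayed with `slurpd -o -r` against that file rather than re-entered by hand.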