
RE: replication security



just a thought: the problem that you could not update could be that you use
the rootdn of the slave as the updatedn.


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of John
Halfpenny
Sent: Wednesday, November 09, 2005 7:05 AM
To: OpenLDAP-software@OpenLDAP.org
Subject: replication security



hi everybody,

i have a couple of small questions regarding my openldap replication
setup, if anyone knows the answers i would appreciate it enormously :-)

if i run with a cleartext password for the updatedn, and turn off
readonly on the slave, all works well, i.e.

master-

replica host=master.my.local:389  binddn="cn=Manager,dc=my,dc=local"
 bindmethod=simple credentials=mypass
 syncrepl

slave-

updatedn "cn=Manager,dc=my,dc=local"
 referral ldap://master.my.local

but i have read that the slave should really be readonly, yet when i add

 readonly on

to the slave configuration, it won't allow me to update!

my other query regards the {SSHA} password option used by the master to
bind to the slave, as i can't get this going either. i.e.

master-

 bindmethod=simple credentials={SSHA}dfsEWF4fw4wrqdsFSD

does this hashed manager password need to be generated on the slave or
the master? or should either suffice?

thank you very much in advance for any guidance!

john
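
The sketch below is an added example, not part of the original thread or of OpenLDAP's code. It models how a simple bind is checked against a stored {SSHA} value (base64 of SHA-1(password + salt) followed by the salt), which bears on the second question above. The function names are hypothetical, the salts are constructed, and "mypass" is the sample password from the post.

```python
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # random salt, so every run gives a new string
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, presented):
    """Check the bytes presented in a simple bind against a stored value."""
    if not stored.startswith("{SSHA}"):
        return False
    try:
        raw = base64.b64decode(stored[len("{SSHA}"):], validate=True)
    except ValueError:  # malformed base64 (binascii.Error is a ValueError)
        return False
    if len(raw) <= 20:  # a SHA-1 digest is 20 bytes; the rest is the salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(presented + salt).digest()
    return hmac.compare_digest(digest, candidate)


if __name__ == "__main__":
    # Two hashes of the same password made independently (constructed salts),
    # as if one came from each host: different strings, both valid.
    hash_a = ssha_hash(b"mypass", salt=b"\x01\x02\x03\x04")
    hash_b = ssha_hash(b"mypass", salt=b"\xaa\xbb\xcc\xdd")
    print(hash_a != hash_b)
    print(ssha_verify(hash_a, b"mypass"), ssha_verify(hash_b, b"mypass"))
    # Sending the hash string itself as the bind credentials does not match:
    # the verifier hashes whatever bytes it receives.
    print(ssha_verify(hash_a, hash_a.encode("ascii")))
```

The hash depends only on the password and the salt embedded in it, not on the host that generated it, and the binding side has to present the cleartext password for the comparison to succeed.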
