
Re: Problem with replication



It's difficult to tell from the sloppy formatting of your email, but most likely you have white space in your slave's slapd.conf where it does not belong, and are missing white space where it does belong. Please read the slapd.conf(5) manpage again and pay attention to the rules for white space in this file.

Sandeep A.S wrote:

The slave ACLs are in the wrong order, so there is no way to Bind because nobody can access the userPassword attribute.



Thanks a lot for your help.
Now the Invalid credentials error is gone. (I created one dn: uid=Replicator,dc=nc,dc=com in the master and slapcated it to the slave.)
Also changed the ACLs as below:


 In Master:
access to attrs=userPassword
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * auth
access to *
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * read
And         replica uri=ldap://192.168.128.248:6666
        suffix="dc=nc,dc=com"
         binddn="uid=Replicator,dc=nc,dc=com"
         bindmethod=simple credentials=secret

In Slave: (Same as Master)
       access to attrs=userPassword
       by self write
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by * auth
       access to *
       by dn="uid=Replicator,dc=nc,dc=com"  write
       by self write
       by * read

      updatedn       "uid=Replicator,dc=nc,dc=com"

In Master slurpd -d 256 gives the following: (When I try to delete DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com" in Master)
Error: ldap_delete_s failed deleting DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com": no write access to parent
Error: ldap operation failed, data written to "/usr/local/var/openldap-slurp/replica/192.168.128.248:6666.rej"
And in slave: slapd -d 256 gives :
conn=1 fd=11 ACCEPT from IP=192.168.128.238:34313 (IP=192.168.128.248:6666)
conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" method=128
conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 DEL dn="uid=flexlm,ou=People,dc=sca,dc=nc,dc=com"
conn=1 op=1 RESULT tag=107 err=50 text=no write access to parent
I assume some ACL issue, but I am helpless to find it out.
Requesting your help.


 Thanks
 Sandeep

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/