Re: Problem with replication
- To: Howard Chu <hyc@symas.com>
- Subject: Re: Problem with replication
- From: "Sandeep A.S" <sandeep@netcontinuum.com>
- Date: Thu, 01 Jun 2006 13:24:11 +0530
- Cc: matthew sporleder <msporleder@gmail.com>, OpenLDAP-software@OpenLDAP.org
- In-reply-to: <447E01E5.3010700@symas.com>
- Organization: NetContinuum Pvt Ltd
- References: <447D9D3D.9060106@netcontinuum.com> <b0459d5c0605310740v65eadf23yc95add1f6e2f7015@mail.gmail.com> <447E01E5.3010700@symas.com>
- User-agent: Mozilla Thunderbird 0.8 (X11/20041020)
Did you add cn=Replicator,dc=nc,dc=com to your replica before trying
to do this?

Also, you might want to specify 'dn.exact="cn=Replicator,dc=nc,dc=com"
write' instead of just "cn=Replicator,dc=nc,dc=com" write in your
replica's ACL.

The slave ACLs are in the wrong order, so there is no way to Bind
because nobody can access the userPassword attribute.

Thanks a lot for your help.

Now the Invalid credentials error is gone. (I created one DN,
uid=Replicator,dc=nc,dc=com, in the master and slapcat'ed it to the slave.)
I also changed the ACLs as below:

In Master:

access to attrs=userPassword
        by dn="uid=Replicator,dc=nc,dc=com" write
        by self write
        by * auth

access to *
        by dn="uid=Replicator,dc=nc,dc=com" write
        by self write
        by * read

And

replica uri=ldap://192.168.128.248:6666
        suffix="dc=nc,dc=com"
        binddn="uid=Replicator,dc=nc,dc=com"
        bindmethod=simple credentials=secret

In Slave: (Same as Master)

access to attrs=userPassword
        by self write
        by dn="uid=Replicator,dc=nc,dc=com" write
        by * auth

access to *
        by dn="uid=Replicator,dc=nc,dc=com" write
        by self write
        by * read

updatedn "uid=Replicator,dc=nc,dc=com"

In Master, slurpd -d 256 gives the following (when I try to delete DN
"uid=flexlm,ou=People,dc=sca,dc=nc,dc=com" in Master):

Error: ldap_delete_s failed deleting DN "uid=flexlm,ou=People,dc=sca,dc=nc,dc=com": no write access to parent
Error: ldap operation failed, data written to "/usr/local/var/openldap-slurp/replica/192.168.128.248:6666.rej"

And in slave, slapd -d 256 gives:

conn=1 fd=11 ACCEPT from IP=192.168.128.238:34313 (IP=192.168.128.248:6666)
conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" method=128
conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 DEL dn="uid=flexlm,ou=People,dc=sca,dc=nc,dc=com"
conn=1 op=1 RESULT tag=107 err=50 text=no write access to parent

I assume it is some ACL issue, but I am helpless to find it out.
Requesting your help.

Thanks
Sandeep
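
Added example (not part of the original message and not OpenLDAP code): a Python triage script for slapd log lines like the slave output above. It ties each err=50 (insufficientAccess) result to the DN that bound on that connection and to the parent entry of the refused target, which is the entry the ACLs have to cover for a delete. The function name and record fields are this example's own choices.

```python
import re

# Log lines copied from the slave's "slapd -d 256" output in the message above.
SAMPLE_LOG = '''\
conn=1 fd=11 ACCEPT from IP=192.168.128.238:34313 (IP=192.168.128.248:6666)
conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" method=128
conn=1 op=0 BIND dn="uid=Replicator,dc=nc,dc=com" mech=SIMPLE ssf=0
conn=1 op=0 RESULT tag=97 err=0 text=
conn=1 op=1 DEL dn="uid=flexlm,ou=People,dc=sca,dc=nc,dc=com"
conn=1 op=1 RESULT tag=107 err=50 text=no write access to parent
'''

OP = re.compile(r'conn=(\d+) op=(\d+) (\w+)\s*(.*)')
DN = re.compile(r'dn="([^"]*)"')
ERR = re.compile(r'err=(\d+) text=(.*)')

def denied_operations(log_text):
    """Return one record per operation that slapd refused with err=50."""
    bound = {}     # conn -> DN of the last successful BIND on that connection
    requests = {}  # (conn, op) -> (verb, DN named in the request)
    denied = []
    for line in log_text.splitlines():
        m = OP.search(line)
        if not m:
            continue  # ACCEPT lines carry no op= field
        conn, op, verb, rest = m.groups()
        if verb != "RESULT":
            dn = DN.search(rest)
            requests[(conn, op)] = (verb, dn.group(1) if dn else "")
            continue
        err = ERR.search(rest)
        if not err or (conn, op) not in requests:
            continue
        code, text = int(err.group(1)), err.group(2).strip()
        req_verb, req_dn = requests[(conn, op)]
        if req_verb == "BIND" and code == 0:
            bound[conn] = req_dn
        elif code == 50:  # LDAP result code insufficientAccess
            # Parent DN = everything after the first unescaped comma.
            parts = re.split(r'(?<!\\),', req_dn, maxsplit=1)
            denied.append({
                "bind_dn": bound.get(conn, "(anonymous)"),
                "operation": req_verb,
                "target": req_dn,
                "parent": parts[1] if len(parts) > 1 else "",
                "reason": text,
            })
    return denied
```

Calling denied_operations(SAMPLE_LOG) yields a single record: the Replicator identity bound successfully and was then refused the DEL, with ou=People,dc=sca,dc=nc,dc=com as the parent entry.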