Re: errant SASL/GSSAPI setup?
--On Wednesday, August 30, 2006 9:47 AM -0700 Quanah Gibson-Mount
<quanah@stanford.edu> wrote:
--On Wednesday, August 30, 2006 12:36 PM -0400 "Allan E. Johannesen"
<aej@WPI.EDU> wrote:
Thanks for looking into the problem.
Never mind, my ldap servers are replicating just fine.. shew. ;)
So, I noticed that my ticket cache is also missing the ldap/* principal
after it renews, but that doesn't particularly matter. Why? Because I use
a persistent connection to the LDAP master, which means as long as the
already negotiated connection remains open (which it does), then everything
works just fine. If the master shuts down and restarts, when the replica
reconnects, it gets a brand new ldap/* tgt from the master.
BTW, your syncrepl definition is missing the saslmech.
Here's mine (I use delta-syncrepl):
syncrepl rid=0
        provider=ldap://ldap-master.stanford.edu:389
        bindmethod=sasl
        saslmech=gssapi
        realm=stanford.edu
        searchbase="dc=stanford,dc=edu"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog
It may be that on rebind it isn't figuring out the mech correctly?
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
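
The message above points out a syncrepl definition that uses bindmethod=sasl without a saslmech. The following is an added example, not part of the original thread or of OpenLDAP, that checks a slapd.conf for that omission; the sample configuration, its hostnames and the function names are constructed for illustration.

```python
import shlex

# Constructed sample (not from the thread): rid=1 binds with SASL but names
# no mechanism, rid=2 names one. Hostnames and suffix are placeholders.
SAMPLE = '''\
database bdb
syncrepl rid=1
  provider=ldap://ldap-master.example.org:389
  bindmethod=sasl
  realm=example.org
  searchbase="dc=example,dc=org"
  type=refreshAndPersist
  retry="60 +"
# a comment between directives
syncrepl rid=2 provider=ldap://ldap-master.example.org:389
  bindmethod=sasl saslmech=gssapi
  searchbase="dc=example,dc=org"
'''

def logical_lines(text):
    """Unwrap continuation lines (leading whitespace), then drop comments."""
    out = []
    for raw in text.splitlines():
        if raw[:1] in (' ', '\t') and out:
            out[-1] += ' ' + raw.strip()
        else:
            out.append(raw.strip())
    return [l for l in out if l and not l.startswith('#')]

def syncrepl_stanzas(text):
    """One dict of lower-cased parameter name -> value per syncrepl directive."""
    stanzas = []
    for line in logical_lines(text):
        words = shlex.split(line)  # honours the double-quoted values
        if words and words[0].lower() == 'syncrepl':
            pairs = (w.split('=', 1) for w in words[1:] if '=' in w)
            stanzas.append({k.lower(): v for k, v in pairs})
    return stanzas

def missing_saslmech(text):
    """rids of stanzas that set bindmethod=sasl but give no saslmech."""
    return [s.get('rid', '?') for s in syncrepl_stanzas(text)
            if s.get('bindmethod', '').lower() == 'sasl'
            and not s.get('saslmech')]

if __name__ == '__main__':
    for rid in missing_saslmech(SAMPLE):
        print(f'syncrepl rid={rid}: bindmethod=sasl but no saslmech')
```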