[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapd Replication Problem

To: Brian White <bcwhite@precidia.com>
Subject: Re: Slapd Replication Problem
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Wed, 13 Sep 2006 12:41:47 -0400 (EDT)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <45082F0E.9000802@precidia.com>
References: <45082624.5050003@precidia.com> <Pine.SOC.4.64.0609131203480.7225@toolbox.rutgers.edu> <45082F0E.9000802@precidia.com>

So... I need to add an extra "auth" line for my replication DN? I never saw that mentioned in the "OpenLDAP Administrator's Guide"; I assumed that mentioning it as the "updatedn" would be sufficient.


Well, let's take a look at the logs to figure it out:

Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 BIND dn="uid=slapd,ou=Services,dc=precidia" mech=SIMPLE ssf=0 Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 RESULT tag=97 err=0 text=

So you're not failing on the BIND. "auth" privs aren't at issue.

Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access to "uid=bcwhite,ou=People,dc=precidia" "userPassword" requested
Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access denied by none(=0)

You're failing on "delete". As slapd.access(5) man page points out, this requires "write" access. Your replication identity has to be able to write to the database. It currently cannot.

Follow-Ups:
- Re: Slapd Replication Problem
  - From: Brian White <bcwhite@precidia.com>

References:
- Slapd Replication Problem
  - From: Brian White <bcwhite@precidia.com>
- Re: Slapd Replication Problem
  - From: Aaron Richton <richton@nbcs.rutgers.edu>
- Re: Slapd Replication Problem
  - From: Brian White <bcwhite@precidia.com>

Prev by Date: Re: Slapd Replication Problem
Next by Date: Re: Slapd Replication Problem
Index(es):
- Chronological
- Thread