
Re: Slapd Replication Problem



So... I need to add an extra "auth" line for my replication DN? I never saw that mentioned in the "OpenLDAP Administrator's Guide"; I assumed that mentioning it as the "updatedn" would be sufficient.


Well, let's take a look at the logs to figure it out:

Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 BIND dn="uid=slapd,ou=Services,dc=precidia" mech=SIMPLE ssf=0
Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 RESULT tag=97 err=0 text=

So you're not failing on the BIND. "auth" privs aren't at issue.

Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access to "uid=bcwhite,ou=People,dc=precidia" "userPassword" requested
Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access denied by none(=0)


You're failing on "delete". As the slapd.access(5) man page points out, this requires "write" access. Your replication identity has to be able to write to the database. It currently cannot.

I agree with your analysis. I just didn't expect to have to specify it twice and it's not mentioned (that I saw) in the documentation.


                                          Brian
                                 ( bcwhite@precidia.com )

-------------------------------------------------------------------------------
      Relationships go through seasons.  Winter often comes before Spring.
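
The log reading done in the message above, as an added example (not part of the original thread): a small Python triage that separates "bind succeeded" from "ACL denied the operation" in slapd syslog output. The function name `triage` is hypothetical, and pairing each "requested" line with the "denied" line that follows it is an assumption, since the `access_allowed` lines carry no connection id.

```python
import re

# Log lines quoted in the message above (slapd syslog output with ACL tracing on).
SAMPLE_LOG = """\
Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 BIND dn="uid=slapd,ou=Services,dc=precidia" mech=SIMPLE ssf=0
Sep 13 10:44:07 titan slapd[5789]: conn=0 op=0 RESULT tag=97 err=0 text=
Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access to "uid=bcwhite,ou=People,dc=precidia" "userPassword" requested
Sep 13 10:44:07 titan slapd[5789]: => access_allowed: delete access denied by none(=0)
"""

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')  # tag=97 is a bind response
REQUEST = re.compile(r'access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested')
DENIED = re.compile(r'access_allowed: (\w+) access denied by (\S+)')

def triage(log_text):
    """Return bind outcomes per DN and every ACL denial found in the log."""
    pending, ok, failed, denials, request = {}, [], [], [], None
    for line in log_text.splitlines():
        if m := BIND.search(line):
            pending[(m[1], m[2])] = m[3]          # wait for the matching RESULT
        elif m := RESULT.search(line):
            dn = pending.pop((m[1], m[2]), None)
            if dn is not None:
                (ok if m[3] == "0" else failed).append(dn)
        elif m := REQUEST.search(line):
            request = m.groups()                  # (access, entry, attribute)
        elif m := DENIED.search(line):
            # Assumption: a denial belongs to the request line just before it.
            if request and request[0] == m[1]:
                denials.append({"access": m[1], "entry": request[1],
                                "attr": request[2], "granted": m[2]})
            request = None
    return {"bind_ok": ok, "bind_failed": failed, "denials": denials}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("bind ok:", report["bind_ok"])
    for d in report["denials"]:
        print(f'{d["access"]} on {d["entry"]} attr {d["attr"]}: granted {d["granted"]}')
```

A DN that appears under `bind_ok` while `denials` is non-empty is the pattern in this thread: authentication works, and the access rules give that identity no write access.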