slurpd replication problem
I have tried to review all possible documentation and read through all
mailing list archives relevant to this problem. My apologies if this has
been covered before and I have missed it.
No matter what kind of change I make I continue to get err=19 when I try
to replicate.

May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 MOD attr=description entryCSN modifiersName modifyTimestamp
May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 RESULT tag=103 err=19 text=entryCSN: no user modification allowed

I am running Fedora Core 5 with ldap version openldap-servers-2.3.30-2.fc5
on both the master and slave.
I currently am using the rootdn simply because there shouldn't be any
restrictions on that user. I was using a different user previously with
the exact same results. Both systems have an exact copy of the same LDAP
db.

Here is my master LDAP slapd.conf file.

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/officeperson.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/ldap.intelligraphics.com-crt.crt
TLSCertificateKeyFile /etc/pki/tls/certs/ldap.intelligraphics.com-key.pem

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by anonymous auth
    by * none

access to attrs=uid
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by * read

access to attrs=mail,homeemail,telephonenumber,homephone,mobile,ipphone,facsimiletelephonenumber,postaladdress,l,st,postalcode,c,comment,description
    by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by * read

access to attrs=o
    by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by * read

access to *
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by * read

database bdb
suffix "dc=intelligraphics,dc=com"
rootdn "cn=Manager,dc=intelligraphics,dc=com"
rootpw password
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

replogfile /var/lib/ldap/openldap-master-replog
replica uri=ldap://ldap2.intelligraphics.com
    binddn="cn=Manager,dc=intelligraphics,dc=com"
    bindmethod=simple credentials=password

Here is my slave LDAP slapd.conf file.

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/officeperson.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/openvpn.intelligraphics.com-cert.pem
TLSCertificateKeyFile /etc/pki/tls/certs/openvpn.intelligraphics.com-key.pem

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by anonymous auth
    by * none

access to attrs=uid
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by * read

access to attrs=mail,homeemail,telephonenumber,homephone,mobile,ipphone,facsimiletelephonenumber,postaladdress,l,st,postalcode,c,comment,description
    by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by * read

access to attrs=o
    by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by * read

access to *
    by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
    by self write
    by * read

database bdb
suffix "dc=intelligraphics,dc=com"
rootdn "cn=Manager,dc=intelligraphics,dc=com"
rootpw password
directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

updatedn="cn=Manager,dc=intelligraphics,dc=com"
updateref="ldap://ldap.intelligraphics.com"

Does anyone have any ideas on what to try?
David Browning
david.browning@intelligraphics.com
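
Added example, not part of the original post: a small Python parser that pairs each slapd MOD log line with its RESULT line by conn/op and reports rejected modifies (tag=103 is the LDAP modify response, err=19 is constraintViolation), listing which of the attempted attributes are server-maintained. The last two sample log lines, the attribute subset, and all function and variable names are constructed for illustration.

```python
import re

# Constructed sample: the first two lines are the ones quoted in the post,
# the last two are made up as a successful modify for contrast.
SAMPLE_LOG = """\
May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 MOD attr=description entryCSN modifiersName modifyTimestamp
May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 RESULT tag=103 err=19 text=entryCSN: no user modification allowed
May 17 23:25:36 ldap2 slapd[3097]: conn=2 op=1 MOD attr=description
May 17 23:25:36 ldap2 slapd[3097]: conn=2 op=1 RESULT tag=103 err=0 text=
"""

LINE_RE = re.compile(r"slapd\[\d+\]: conn=(\d+) op=(\d+) (MOD attr=|RESULT )(.*)$")
RESULT_RE = re.compile(r"tag=(\d+) err=(\d+) text=(.*)$")

# Operational attributes the server maintains itself (illustrative subset).
SERVER_MAINTAINED = {
    "entrycsn", "entryuuid", "modifiersname", "modifytimestamp",
    "creatorsname", "createtimestamp",
}

def rejected_mods(log_text):
    """Return one record per modify operation that ended with err != 0."""
    pending = {}   # (conn, op) -> attribute names seen on the MOD line
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        if m.group(3).startswith("MOD"):
            pending[key] = m.group(4).split()
            continue
        r = RESULT_RE.match(m.group(4))
        attrs = pending.pop(key, None)
        # Only modify responses (tag=103) that we saw the request for.
        if not r or attrs is None or r.group(1) != "103" or r.group(2) == "0":
            continue
        findings.append({
            "conn": key[0], "op": key[1], "err": int(r.group(2)),
            "text": r.group(3), "attrs": attrs,
            "server_maintained": [a for a in attrs if a.lower() in SERVER_MAINTAINED],
        })
    return findings

if __name__ == "__main__":
    for f in rejected_mods(SAMPLE_LOG):
        print(f)
```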