I increased the logging and found this upon starting up the provider:

    => bdb_search
    bdb_dn2entry("cn=accesslog")
    => access_allowed: search access to "cn=accesslog" "entry" requested
    <= root access granted
    => access_allowed: search access granted by manage(=mwrscxd)
    search_candidates: base="cn=accesslog" (0x00000001) scope=1
    => bdb_dn2idl("cn=accesslog")
    bdb_idl_fetch_key: %cn=accesslog
    <= bdb_dn2idl: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
    bdb_search_candidates: failed (rc=-30988)
    bdb_search: no candidates

I realised that I hadn’t created a cn=accesslog. I’ve done that now with an ldif
file, results of an ldapsearch on that entry below, but still get the same
error.

    ldapsearch -x -b dc=city,dc=ac,dc=uk cn=accesslog
    version: 1
    dn: cn=accesslog,dc=city,dc=ac,dc=uk
    objectClass: auditContainer
    cn: accesslog

Is there something more I need to do for the cn=accesslog to work?

From: Gocher, Mark [mailto:Mark.Gocher.1@city.ac.uk]

I’m receiving the following error on my consumer, using
logging -d stats + args + trace + sync 2> /var/log/ldap

    @(#) $OpenLDAP: slapd 2.4.22 (May 21 2010 12:10:42) $
    @cambridge:/usr/local/openldap-2.4.22/servers/slapd
    slapd starting
    slap_client_connect: URI=ldap://oxford.unix1.city.ac.uk:389 DN="cn=replicator,dc=city,dc=ac,dc=uk" ldap_sasl_bind_s failed (49)

I can see from the documentation that my consumer is not
authenticating to my provider, but I can’t see what the error is. If any other
info would help please let me know.

I have created the uid for replicator and repeated this
search with the ‘access to attrs=userPassword’ line commented out on the
provider to ensure that the userPassword for replicator is clear text ‘secret’.
I can also perform this search from the consumer successfully.

    ldapsearch -x -b dc=city,dc=ac,dc=uk uid=replicator
    version: 1
    dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
    objectClass: person
    objectClass: posixAccount
    objectClass: inetOrgPerson
    sn: replicator
    cn: replicator
    uid: replicator
    uidNumber: 22258
    gidNumber: 22258
    homeDirectory: /export/home/replicator
    userPassword: secret
    displayName: replicator
    mail: None
    labeledURI: None
    description: openLDAP replication id

Consumer ldap.conf:

    database bdb
    suffix "dc=city,dc=ac,dc=uk"
    rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
    rootpw {CRYPT}*******
    directory /var/opt/csw/openldap-data
    index default pres,eq,sub
    index objectClass eq
    index cn
    index sn
    index uid

    access to attrs=userPassword
        by anonymous auth
        by * none
    access to *
        by * read

    index entryUUID eq

    syncrepl rid=0
        provider=ldap://oxford.unix1.city.ac.uk:389
        bindmethod=simple
        binddn="cn=replicator,dc=city,dc=ac,dc=uk"
        credentials=secret
        searchbase="dc=city,dc=ac,dc=uk"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog

    updateref ldap://oxford.unix1.city.ac.uk

    database monitor

Provider ldap.conf:

    database bdb
    suffix "dc=city,dc=ac,dc=uk"
    rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
    rootpw {CRYPT}aZmvWMwFgg.vk
    directory /var/opt/csw/openldap-data
    index default pres,eq,sub
    index objectClass eq
    index cn
    index sn
    index uid

    access to *
        by dn.base="cn=replicator,dc=city,dc=ac,dc=uk" read
        by * break
    access to attrs=userPassword
        by anonymous auth
        by * none
    access to *
        by * read

    modulepath /usr/local/openldap-2.4.22
    moduleload back_bdb.la
    moduleload accesslog.la
    moduleload syncprov.la

    database bdb
    suffix cn=accesslog
    directory /var/opt/csw/accesslog
    rootdn cn=accesslog
    index default eq
    index objectClass,reqEnd,reqResult,reqStart

    overlay syncprov
    syncprov-nopresent TRUE
    syncprov-reloadhint TRUE

    limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

    # database bdb
    # suffix "dc=dc=city,dc=ac,dc=uk"
    # rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
    index entryCSN eq
    index entryUUID eq

    overlay syncprov
    syncprov-checkpoint 1000 60

    overlay accesslog
    logdb cn=accesslog
    logops writes
    logsuccess TRUE
    logpurge 99+00:00 00+00:01

    # Let the replica DN have limitless searches
    limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited

    database monitor