[Date Prev][Date Next] [Chronological] [Thread] [Top]

could not config n-way multi-master because insufficient access



my env is Debian squeeze, OpenLDAP 2.4.17( from packages.debian.org)
I create an OpenLDAP Server, and try to config N-Wat multi-master, according to OpenLDAP Admin Guide.
 i  adding init.ldif file on the server , the following is the content

dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config

objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret


and I get error --- "insufficient access" , even if I set "acess to * by * write" in slapd.conf

actually, I don't understand what the guide said.

'''''''''''''

This sets up the config database:

     dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

''''''''''''''''''''''''''''
the above configuration block could not be import in my computer, it is said at the begin.

''''''''''''''''''''''''''''

Now we setup the first Master Node (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):

     dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
credentials=secret searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
credentials=secret searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
credentials=secret searchbase="cn=config" type=refreshAndPersist
retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

''''''''''''''''''''''''''''

the configuration block seems conflict with the former, why should I write "olcServerID: 1 $URI1" into LDAP Server if  "olcServerID: 1" is right, and why should I not write an entire configuration, but two configuration file which seems conflict separately.

I have set up an unlimit previledge, why LDAP Server report "insufficient access". what previledge should be set.


thanks for help

gtalk:freeespeech@gmail.com