[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Can't start replication

To: Dieter Kluenter <dieter@dkluenter.de>
Subject: Re: Can't start replication
From: Alister Forbes <a@cisco.com>
Date: Mon, 6 Sep 2010 10:19:45 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <87fwxnxs1z.fsf@magenta.l4b.de>
References: <AC10B913-AA60-48A4-BF04-47F685A56526@cisco.com> <20100903155515.0c75021f@magenta.l4b.de> <B44F4C77-2ED1-4F00-B916-473FEAA035FD@cisco.com> <87fwxnxs1z.fsf@magenta.l4b.de>

Hi Dieter,

Password was created with slappasswd, and I know it's ok, because I can use ldapsearch, ldapmodify etc, to search, check etc, it's stored in the config in {SSHA} format, but presented in the olcSynRepl line in cleartext.  (It's not actually $PASS, I'm just stupidly paranoid about passwords) Here's the (partial) output from searching for it:

# {0}config, config
dn: olcDatabase={0}config,cn=config
olcRootPW: {SSHA}wm6t06uLEx1nzsGHT/VJc4g3whG4ihVZ

and yes, olcReadOnly is false...

dn: cn=config
olcReadOnly: FALSE

Alister

On 06 Sep 2010, at 09:14, Dieter Kluenter wrote:

> 
> OK I don't see anything obvious
>> 
>> On 03 Sep 2010, at 15:55, Dieter Kluenter wrote:
>> 
>>> Am Fri, 3 Sep 2010 14:25:51 +0200
>>> schrieb Alister Forbes <a@cisco.com>:
>>> 
>>>> All,
>>>> 
>>>> My situation is that I'm trying to get replication working between
>>>> two instances of openldap 2.4.23, both running on RHEL5, both built
>>>> with the same options, and db built under them with the same options,
>>>> and both OS instances are the same (cloned VMs)
>>>> 
>>>> I can see the two slapd's trying to communicate, but athough the
>>>> passwords supplied in 'credentials' are definitely correct, I keep
>>>> seeing the err=49 in the logs below
> 
> How did you create the password and which hashing scheme did you use? 
> It seems that the userpassword hashed value does not match the
> presented value.
> 
>>>> 
>>>> I've been struggling with this for days now.. can anyone give me a
>>>> hint what I've messed up?
>>>> 
>>>> 
>>>> Also, I'm not sure if it's related, but I now can't change anything
>>>> in the servers configs directly, I keep getting -
>>>> 
>>>> ldap_modify: Server is unwilling to perform (53)
>>>> 	additional info: shadow context; no update referral
> 
> Please check if oclReadOnly: is set to FALSE
> 
> [...]

--
Alister Forbes      Work:   +32 2 704 5762    Internal: 322 5762
a@cisco.com    TACSUNS             _.|._.|._ Cisco Systems

Please avoid sending me Word or PowerPoint attachments. See -
http://www.gnu.org/philosophy/no-word-attachments.html

References:
- Can't start replication
  - From: Alister Forbes <a@cisco.com>
- Re: Can't start replication
  - From: Dieter Kluenter <dieter@dkluenter.de>
- Re: Can't start replication
  - From: Alister Forbes <a@cisco.com>
- Re: Can't start replication
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: Re: Can't start replication
Next by Date: Re: Defining a password attributetype
Index(es):
- Chronological
- Thread