[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: syncrepl simple bind
- To: ldap <openldap-technical@openldap.org>
- Subject: Re: syncrepl simple bind
- From: "S.A." <qmt9z3@yahoo.com>
- Date: Sat, 3 Mar 2012 20:27:42 -0800 (PST)
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1330835262; bh=01TtBICvgeirXff0TGEXPQ3/ltY8GyIE1aYWLbS3wKU=; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=BEh7yTNYD599NjTO8n8xOoyQXXxzWs8+oudlqSlSgyhO0fbHWyavfBGbPC6HOEY6KvhS1Nj9emcV/qruyRo7VOuYTbsVMnoxabEkH2A8+YnRLYFhMnxue1SOvvPHtRDv/3tTydhFTfUFqfOviTBdvRVwsmV32ztQvlDqCy+Nsq0=
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Message-ID:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=2rXzDN0IwDzekjzamKyeg3cPid2aKhuEpz18HhpjSiNlftUG/bWAha5expZwlL9IhMen/DH2erZlXjWHOKiAuO42sysZm1V4P8VnT9SkzKW4Civ3iWTDTcOLInre+W5ytE+kHpLD1bpYmWxnIr3vOLWuDhiTqMrBicFAWPkCybM=;
- In-reply-to: <0396B7C6AC4C882AC3E55DB4@[192.168.1.30]>
> > For syncrepl to work do we need to enable the sasl? I had the sasl
> > disabled and configured to replicate using simple bindmethod, with
> > the following config:
> > syncrepl rid=001
> > provider=ldap://ldap2.example.com
> > type=refreshAndPersist
> > retry="5 5 300 +"
> > searchbase="o=tld"
> > bindmethod=simple
> > binddn="uid=admin,ou=users,o=tld"
> > credentials=password
> > schemachecking=on
> >
> > but I get the following error:
> >
> > slap_client_connect: URI=ldap://ldap2.example.com
> > DN="uid=admin,ou=users,o=tld" ldap_sasl_bind_s failed
> (-1)
>
> ldap_sasl_bind_s is the name of the binding function for
> both simple and SASL binds. It doesn't mean you're
> performing a SASL bind. If it was a dn/password issue,
> you would see error code 49. You got error code -1,
> which seems to imply it cannot open a connection to
> ldap2.example.com from that server.
>
> --Quanah
Thanks for your response!
ldap1-client <-> slapd2: Communication OK
slapd1 <-> ldap2-client: Communication OK
slapd1 <-/-> slapd2: Communication failure
Using 'ldapsearch' command, I am able to bind and search on the
slapd2 server from the server (slapd1) that is issuing the above
error and vice-versa. So, the client modules from one server have
no trouble connecting the slapd on the other server, however,
the slapd to slapd communication via slap_client_connect for
syncrepl seems to have an issue.
I am wondering if there is anything in the cn=config configuration
that could lead to this.
Thanks