Ldap Replication Query
Hello LDAP Brains,
I have set up a Samba PDC (192.168.1.2) and a Samba BDC (192.168.4.2); they are on different subnets. I have two issues, described below:
PDC - SUSE Linux Enterprise Server 11 (x86_64), VERSION = 11, PATCHLEVEL = 2, samba-3.6.3-0.18.3, openldap2-2.4.26-0.12.1
BDC - SUSE Linux Enterprise Server 10 (i586), VERSION = 10, samba-3.0.22-13.16, openldap2-2.3.19-18.7
1. On the BDC, if I run the command below, I get "Unable to find a suitable server":
BDC2:~ # net rpc info
Unable to find a suitable server
2. I am not able to sync the LDAP database on the BDC with the one on the PDC.
I have enclosed the slapd.conf of the PDC and of the BDC; can anybody let me know where I have gone wrong?
Your help is highly appreciated, thanks in advance.
Hanumanth Rao
# slapd.conf of the BDC (192.168.4.2): syncrepl consumer that pulls the
# "dc=melcon,dc=org" tree from the PDC provider at 192.168.1.2 (see the
# syncrepl stanza at the end of this file).
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/samba3.schema
include /etc/openldap/schema/nis.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
# Load dynamic backend modules:
modulepath /usr/lib/openldap/modules
# moduleload back_ldap.la
# moduleload back_meta.la
# moduleload back_monitor.la
# moduleload back_perl.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): the "security" directive above is commented out, so this
# server accepts simple binds and updates over unencrypted connections.
# The "Sample security restrictions" only take effect once uncommented
# and TLS is configured.
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access to user password
# Allow anonymous users to authenticate
# Allow read access to everything else
# Directives needed to implement policy:
## Yast2 samba hack ACL
## allow the "ldap admin dn" access, but deny everyone else
# The Samba password hashes are password-equivalent for NTLM; this ACL is
# the only thing keeping them from the "access to * by * read" rule below,
# so it must stay ahead of that rule (ACLs are evaluated in order).
access to attrs=SambaLMPassword,SambaNTPassword
by dn="cn=sysadmin,dc=melcon,dc=org" write
by * none
## Yast2 samba hack ACL done
access to dn.base=""
by * read
access to dn.base="cn=Subschema"
by * read
# userPassword/userPKCS12: owner may change them, everyone else may only
# use them to authenticate (no read-back of the hash).
access to attrs=userPassword,userPKCS12
by self write
by * auth
access to attrs=shadowLastChange
by self write
by * read
# Catch-all: every attribute not matched above is readable by anyone,
# including anonymous binds.
access to *
by * read
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
# NOTE(review): while replication is being debugged, a higher loglevel
# (e.g. "loglevel sync", if this slapd version accepts the keyword) will
# show why the consumer's refresh does or does not happen.
loglevel 0
allow bind_v2
database bdb
suffix "dc=melcon,dc=org"
rootdn "cn=sysadmin,dc=melcon,dc=org"
# NOTE(review): rootpw is stored in cleartext. Store a hash generated with
# slappasswd (e.g. a {SSHA} value) instead, and keep this file readable
# only by the user slapd runs as, since the same password also appears
# in the syncrepl "credentials" below.
rootpw "secret"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
# entryCSN/entryUUID equality indexes are what syncrepl uses to match
# entries during refresh; keep them.
index objectClass,uidNumber,gidNumber,entryCSN,entryUUID eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index memberUid eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
# Consumer side of replication: pull "dc=melcon,dc=org" from the PDC.
# NOTE(review): points to check for the "database does not sync" problem:
#  - type=refreshOnly has no "interval=" setting; as I recall slapd.conf(5)
#    gives the default refresh interval as one day, so the first refresh
#    after startup may simply not have happened yet. Set an explicit
#    interval (e.g. interval=00:00:05:00) or use type=refreshAndPersist.
#  - provider=ldap:// with bindmethod=simple sends the rootdn password of
#    the PDC across the subnets in cleartext. Use ldaps:// (or the syncrepl
#    starttls option, if this 2.3 consumer supports it) once TLS is set up.
#  - binddn is the provider's rootdn, i.e. the replication credentials
#    carry full write rights on the PDC. A dedicated replicator DN with
#    read-only ACL on the provider is the least-privilege option.
#  - a syncrepl consumer database is read-only for clients; if the Samba
#    BDC ever needs to write (this is an assumption — confirm), an
#    "updateref ldap://192.168.1.2" directive is needed to refer writes
#    back to the provider.
syncrepl
rid=11
provider=ldap://192.168.1.2:389
type=refreshOnly
bindmethod=simple
binddn="cn=sysadmin,dc=melcon,dc=org"
credentials=secret
searchbase="dc=melcon,dc=org"
filter="(objectClass=*)"
attrs="*"
schemachecking=off
scope=sub
# retry 60 seconds apart, indefinitely, if the provider is unreachable
retry="60 +"
#path: /etc/openldap/slapd.conf
#provider
# slapd.conf of the PDC (192.168.1.2): syncrepl provider for the
# "dc=melcon,dc=org" tree (overlay syncprov at the end of this file).
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba3.schema
#If your slapd was configured with dynamic module support,
#and your backends and overlays are not statically compiled,
#you will need these module statements.
modulepath /usr/lib/openldap/modules
# NOTE(review): "overlay syncprov" is used below but "moduleload syncprov.la"
# is commented out here. If syncprov is not compiled into this slapd
# statically, the overlay cannot be loaded and the consumer has nothing to
# replicate from — uncomment the moduleload line (and back_bdb.la if the
# backend is also a module) or verify with the startup log that the
# overlay is actually active.
#moduleload syncprov.la
#moduleload accesslog.la
#moduleload back_bdb.la
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
allow bind_v2
# NOTE(review): this file contains no "access" directives and no "security"
# directive. With no ACLs slapd's default policy is "access to * by * read",
# so every attribute of every entry — including sambaNTPassword,
# sambaLMPassword and userPassword — is readable by anonymous clients, and
# binds are accepted in cleartext. Add the same ACL block the BDC config
# uses (password attributes restricted to the admin DN, userPassword by
# self write / by * auth) and grant the replication DN read access.
# Samba Primary Database melcon.org
loglevel 0
database bdb
suffix "dc=melcon,dc=org"
rootdn "cn=sysadmin,dc=melcon,dc=org"
# NOTE(review): rootpw is stored in cleartext; use a slappasswd-generated
# hash (e.g. {SSHA}) and keep this file readable only by the slapd user.
rootpw "secret"
directory /var/lib/ldap
checkpoint 1024 5
cachesize 10000
# entryCSN/entryUUID equality indexes are required for an efficient
# syncprov provider; keep them.
index objectClass,uidNumber,gidNumber,entryCSN,entryUUID eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID eq
index memberUid eq
index sambaPrimaryGroupSID eq
index sambaSIDList eq,pres
index sambaDomainName eq
# Provider side of replication: syncprov serves the sync protocol to
# consumers such as the BDC.
overlay syncprov
# checkpoint the contextCSN every 100 write operations or 10 minutes
syncprov-checkpoint 100 10
# keep an in-memory log of the last 100 writes for consumer refreshes
syncprov-sessionlog 100
# NOTE(review): idle connections are closed after 30 seconds. This is fine
# for refreshOnly consumers, which reconnect on each refresh, but would
# interfere with a refreshAndPersist consumer's long-lived connection —
# confirm before switching the BDC to refreshAndPersist.
idletimeout 30