[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: unable to query rootdn on slave via external auth
On 16/07/13 18:36, Quanah Gibson-Mount wrote:
are the olcAccess rules identical between the two?
When you bind via ldapi, if you examine the logs at 256, is the search
being mapped to the same DN on both master and replicas?
Hi Quanah, yes, the olcAccess is identical (I've even diffed them). I
forgot to mention the version - it's 2.4.28-1.1ubuntu5, the debug logs
look like this on the slave:
51e58768 conn=1002 fd=20 ACCEPT from PATH=/var/run/slapd/ldapi
(PATH=/var/run/slapd/ldapi)
51e58768 conn=1002 op=0 BIND dn="" method=163
51e58768 conn=1002 op=0 BIND
authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
51e58768 conn=1002 op=0 BIND
dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
mech=EXTERNAL sasl_ssf=0 ssf=71
51e58768 conn=1002 op=0 RESULT tag=97 err=0 text=
51e58768 conn=1002 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0
filter="(objectClass=*)"
51e58768 conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
51e58768 conn=1002 op=2 UNBIND
51e58768 conn=1002 fd=20 closed
and this on the master:
51e5881d conn=1000 fd=16 ACCEPT from PATH=/var/run/slapd/ldapi
(PATH=/var/run/slapd/ldapi)
51e5881d conn=1000 op=0 BIND dn="" method=163
51e5881d conn=1000 op=0 BIND
authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
51e5881d conn=1000 op=0 BIND
dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
mech=EXTERNAL sasl_ssf=0 ssf=71
51e5881d conn=1000 op=0 RESULT tag=97 err=0 text=
51e5881d conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0
filter="(objectClass=*)"
51e5881d conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
51e5881d conn=1000 op=2 UNBIND
51e5881d conn=1000 fd=16 closed
Thanks,
Adrian