
Re: unable to query rootdn on slave via external auth



On 16/07/13 18:36, Quanah Gibson-Mount wrote:

> are the olcAccess rules identical between the two?
>
> When you bind via ldapi, if you examine the logs at 256, is the search being mapped to the same DN on both master and replicas?

Hi Quanah, yes, the olcAccess is identical (I've even diffed them). I forgot to mention the version - it's 2.4.28-1.1ubuntu5, the debug logs look like this on the slave:

51e58768 conn=1002 fd=20 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
51e58768 conn=1002 op=0 BIND dn="" method=163
51e58768 conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
51e58768 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
51e58768 conn=1002 op=0 RESULT tag=97 err=0 text=
51e58768 conn=1002 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
51e58768 conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
51e58768 conn=1002 op=2 UNBIND
51e58768 conn=1002 fd=20 closed

and this on the master:
51e5881d conn=1000 fd=16 ACCEPT from PATH=/var/run/slapd/ldapi (PATH=/var/run/slapd/ldapi)
51e5881d conn=1000 op=0 BIND dn="" method=163
51e5881d conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
51e5881d conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
51e5881d conn=1000 op=0 RESULT tag=97 err=0 text=
51e5881d conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
51e5881d conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
51e5881d conn=1000 op=2 UNBIND
51e5881d conn=1000 fd=16 closed

Thanks,

Adrian
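
The check asked for in the quoted question (is the ldapi bind mapped to the same DN on both servers, and does the same search return the same count) can be scripted over the stats-level logs. This is an added example, not part of the original thread; the function names are hypothetical and the embedded log lines are constructed in the format shown above.

```python
import re

# Constructed sample input in the stats-level (256) format quoted in the post.
MASTER_LOG = '''\
51e5881d conn=1000 op=0 BIND dn="" method=163
51e5881d conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
51e5881d conn=1000 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
51e5881d conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''
REPLICA_LOG = '''\
51e58768 conn=1002 op=0 BIND dn="" method=163
51e58768 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL sasl_ssf=0 ssf=71
51e58768 conn=1002 op=1 SRCH base="dc=example,dc=com" scope=0 deref=0 filter="(objectClass=*)"
51e58768 conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
'''

LINE = re.compile(r'^\S+ conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)" mech=(\S+)')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d+)')
RESULT = re.compile(r'SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)')

def searches(log):
    """One record per completed search: the DN the connection was bound as, and the result."""
    bound, pending, out = {}, {}, []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # ACCEPT/closed lines carry no op= field
        conn, op, rest = m.groups()
        if b := BIND.match(rest):  # only the final BIND line of a SASL bind has mech=
            bound[conn] = (b.group(1).lower(), b.group(2))
        elif s := SRCH.match(rest):
            pending[conn, op] = (s.group(1).lower(), int(s.group(2)))
        elif (r := RESULT.match(rest)) and (conn, op) in pending:
            dn, mech = bound.get(conn, ("", "none"))
            base, scope = pending.pop((conn, op))
            out.append(dict(dn=dn, mech=mech, base=base, scope=scope,
                            err=int(r.group(1)), nentries=int(r.group(2))))
    return out

def compare(master_log, replica_log):
    """Pair searches in order and report where identity or result count diverges."""
    findings = []
    for m, r in zip(searches(master_log), searches(replica_log)):
        if m["dn"] != r["dn"]:
            findings.append(f"bind DN differs: master={m['dn']!r} replica={r['dn']!r}")
        elif (m["base"], m["scope"]) == (r["base"], r["scope"]) and m["nentries"] != r["nentries"]:
            findings.append(f"same bind DN and search, nentries master={m['nentries']} replica={r['nentries']}")
    return findings

if __name__ == "__main__":
    print(compare(MASTER_LOG, REPLICA_LOG))
```
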