[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLdap provider-client replication error



Hello Christian,

Thanks for the pointer. I followed your suggestion and it worked on the provider server.

However the customer server is still throwing the same error. Even though i used the a root unix user. Below is the config on the customer side: http://pastebin.com/9zanEh8c

sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f enable_sync_consumer.ldif
modifying entry "cn=config"
ldap_modify: Insufficient access (50)

Thanks again

Cheers!


On Tue, Mar 11, 2014 at 1:28 PM, Christian Kratzer <ck-lists@cksoft.de> wrote:
Hi,

On Tue, 11 Mar 2014, Seun Ojedeji wrote:

Hello thanks for your response,

On Tue, Mar 11, 2014 at 11:01 AM, Christian Kratzer <ck-lists@cksoft.de>wrote:

Hi,


On Tue, 11 Mar 2014, Seun Ojedeji wrote:
How do i fix the insuffient access problem? I am using the admin that has
full write access on ldap.
<snipp/>

Its a fresh ldap setup and i only have one admin user created (with on
personal user) here is the script i used in setting up ldap:
http://pastebin.com/JagCtptS

your acl for cn=config is as follows:

    dn: olcDatabase={0}config,cn=config
    objectClass: olcDatabaseConfig
    olcDatabase: {0}config
    olcAccess: {0}to * by
    dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break

This only allows the unix root user to manage cn=config.

The admin user you are using is for managing access to the main directory.

To manage cn=config in this setup you should use

    ldapadd -Y EXTERNAL  -H ldapi:///
    ldapmodify -Y EXTERNAL  -H ldapi:///


1. your openldap version


openldap-2.4.28


Do yourself a favor and upgrade to 2.4.39 before starting with any serious openldap work.

You can get upto date rpm and deb packages from http://ltb-project.org/wiki/

Greetings
Christian






2. your full configuration (preferably on pastebin oder such)


  Use slapcat -n0 to extract the config

http://pastebin.com/U6SmeFNC

Thanks again for helping out


Greetings
Christian

--
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/






--
Christian Kratzer                   CK Software GmbH
Email:   ck@cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/



--
------------------------------------------------------------------------
Seun Ojedeji,
Federal University Oye-Ekiti
web:      http://www.fuoye.edu.ng
Mobile: +2348035233535
alt email: seun.ojedeji@fuoye.edu.ng