
any help on "ldap_sasl_bind_s failed (53)"



Hi, I am new to LDAP. I am following the book "Mastering OpenLDAP" to set up replication,
but I get the error given in the title when I start the slave with "slapd -d sync". Replication does
not work.

******************************************************************************************************

slapd.conf of the Master:

# slapd.conf of the provider ("master") as posted. This is OpenLDAP
# slapd.conf syntax, not INI: whitespace-separated directives, '#' only as
# a full-line comment, and a line that begins with whitespace continues the
# previous line (even when that previous line is a comment).
# NOTE(review): this file was posted publicly together with its cleartext
# rootpw; treat that password as disclosed.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema


# Only needed if syncprov was built as a loadable module; in that case the
# 'overlay syncprov' line below cannot load without these two.
#modulepath /usr/lib/openldap
#moduleload syncprov.la

# Allow LDAPv2 client connections.  This is NOT the default.
# LDAPv2 is obsolete; keep this only while a known v2-only client exists.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

# SASL identity mapping, currently disabled. The indented 'cn=$1,...' line
# is a continuation of the commented '#authz-regexp' line and is therefore
# ignored together with it.
#sasl-realm ier.hit-u.ac.jp
#sasl-host localhost
#authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
        cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
#rootpw          {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
# rootpw is stored in cleartext; slappasswd(8) can generate a hashed
# ({SSHA}) value to put here, and slapd.conf must be readable only by the
# account slapd runs as.
rootpw secret
#password-hash   {MD5}
directory       /var/lib/ldap

# Server certificate chain and private key (the key file must be readable
# only by slapd). Nothing in this file requires TLS for binds, so simple
# binds over a plain ldap:// listener still carry the password in
# cleartext; a 'security' directive (e.g. simple_bind=<ssf>) would
# enforce protection.
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key     

# Replication provider: checkpoint the contextCSN every 50 writes or 10
# minutes, and keep a 100-operation session log for resyncing consumers.
overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100   

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
# Equality indices on entryCSN/entryUUID are what syncprov searches on.
index entryCSN,entryUUID eq 
idlcachesize 1000


# Access control: the first 'access to' whose target matches is used, and
# within it the first matching 'by' clause wins, so order matters. Never
# put a comment between 'access to' and its indented 'by' lines (the
# indented lines would continue the comment instead).
# userPassword: the owner may change it; root writes; dovecot and the
# replication account may read the hashes (the consumer can only replicate
# what its bind DN is allowed to read); everyone else may only use the
# attribute to authenticate.
# NOTE(review): the posted consumer binds as
# uid=replicator,ou=Users,... while this ACL names
# cn=replicator,ou=Users,... — whichever of the two is not the real entry
# gets no read access here. Confirm the DN of the replicator entry.
access to attrs=userPassword
  by self write
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by anonymous auth
  by * none



# Samba password hashes: same readers as userPassword; the owner may read
# but not write them.
access to attrs=SambaLMPassword,SambaNTPassword
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by self read
  by anonymous auth
  by * none

# Everything else: owner and root write; the replicator clause is redundant
# with the final 'by * read' but documents the intent; all others read.
access to *
  by self write
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by * read

*****************************************************************************************************

slapd.conf of the slave:

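# slapd.conf of the consumer ("slave") as posted, with one layout fix (see
# the syncrepl directive). This is OpenLDAP slapd.conf syntax, not INI:
# whitespace-separated directives, '#' only as a full-line comment, and a
# line that begins with whitespace continues the previous line (even when
# that previous line is a comment).
# NOTE(review): this file was posted publicly with its cleartext
# passwords; treat them as disclosed.
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections.  This is NOT the default.
# LDAPv2 is obsolete; keep this only while a known v2-only client exists.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org

pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database        bdb
suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
#rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
# rootdn/rootpw are this consumer's own local superuser identity (the
# identity syncrepl applies incoming changes as); they are not what the
# consumer presents to the provider — that is the syncrepl
# binddn/credentials below. The same password string is used for both
# here, so compromise of one exposes the other. rootpw is stored in
# cleartext; slappasswd(8) can generate a hashed ({SSHA}) value instead.
rootdn          "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
#rootpw          {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
rootpw secretofreplicator
#password-hash   {MD5}
directory       /var/lib/ldap
#TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
#TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
#TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key


# Replicas of this database
# (updatedn/updateref in this form are the older slurpd-style settings;
# syncrepl below does not use updatedn, and the active updateref is at the
# end of the file.)
#updatedn  cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
#updateref uri=ldap://192.168.84.22

# Indices to maintain for this database
index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub
# Equality indices on entryCSN/entryUUID are used by the sync machinery.
index entryCSN,entryUUID eq
idlcachesize 1000


# Local ACLs, currently disabled. Without any 'access to' clause the
# default access rules apply; if these are re-enabled, remember that
# syncrepl writes as rootdn, which bypasses ACLs.
#access to attrs=userPassword
#  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
#  by self write
#  by anonymous auth
#  by * none


#access to *
#  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
#  by self write
#  by * read




# Uncomment while debugging the consumer; revert afterwards (sync logging
# is verbose).
#loglevel stats sync

# syncrepl consumer definition. Every line of the directive after the first
# must start with whitespace (continuation). A '#' line ends the directive,
# and an indented line that follows a '#' line continues the COMMENT, not
# the directive. In the posted version the two commented SASL lines sat
# between 'bindmethod=simple' and 'credentials=...', so 'credentials=' was
# swallowed by the comment and the consumer bound with a DN but no
# password; slapd rejects such an unauthenticated bind with
# unwillingToPerform (53) unless 'allow bind_anon_dn' is set on the
# provider, which matches the reported ldap_sasl_bind_s failure. The
# commented alternative is now kept after the last continuation line.
# NOTE(review): binddn uses uid=replicator,ou=Users,... while the
# provider's ACLs and the ldapsearch that works use
# cn=replicator,ou=Users,... — confirm which DN actually exists; the wrong
# one will bind-fail or replicate without userPassword.
# NOTE(review): the provider is reached over plain ldap:// with a simple
# bind, so the replication password crosses the network in cleartext. The
# provider has TLS configured; 'starttls=critical' here (with the CA
# trusted in this host's ldap.conf) would protect it.
# interval= is the refreshOnly polling period and presumably has no
# effect with refreshAndPersist; a 'retry=' setting is what controls
# reconnecting after the persistent connection drops — TODO confirm.
syncrepl rid=001
    provider=ldap://mail.ier.hit-u.ac.jp
    type=refreshAndPersist
    interval=00:00:05:00
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    bindmethod=simple
    credentials=secretofreplicator
# Alternative SASL bind, deliberately placed after the directive's last
# continuation line so it cannot swallow any of them:
#    bindmethod=sasl saslmech=DIGEST-MD5
#    authcid=replicator

# Writes arriving at this read-only consumer are referred to the provider.
updateref       ldap://mail.ier.hit-u.ac.jp/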


*****************************************************************************************
What puzzles me is this:

From the slave, I try to access the master with
ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp  -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'

and it works. 

What is wrong? I really need your help.