Re: any help on "ldap_sasl_bind_s failed (53)"
hello,
I would say, first try to understand what each directive you have written actually does. The
OpenLDAP Administrator's Guide (the replication chapter in particular) is a good place to start.
- for instance, on the slave (the consumer) the syncrepl stanza binds to the master with
binddn uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp and password
secretofreplicator.
Does this object exist *on the master*, with that password? Does
this account have ACLs allowing it to read everything on the master?
Note that the master's ACLs grant read to dn.exact="cn=replicator,ou=Users,..."
which is not the same DN as uid=replicator,ou=Users,... — and the ldapsearch test
you quote below also binds as cn=replicator,ou=Users,..., so it does not exercise
the DN and credentials that syncrepl actually uses. Repeat the test with exactly
the binddn and credentials from the syncrepl stanza; if that bind fails too, the
problem is on the master (missing entry, wrong password or ACL), not in syncrepl.
- also, why would you use the replicator DN as the rootdn for the slave? The rootdn of the
consumer database is a local administrative identity (syncrepl applies incoming changes with
rootdn privileges); it does not have to be, and normally should not be, the account used to
bind to the provider. As written the two are not even the same DN anyway
(cn=replicator,dc=ier,... as rootdn vs. uid=replicator,ou=Users,dc=ier,... as binddn).
one last thing: I advise you to change the passwords of both the master
and the slave. Your post contains not only the {MD5} hash of the root DN password but the
cleartext rootpw of both servers and the cleartext syncrepl credentials; publishing a
configuration file like that on the internet is not a good idea :-) Two related points:
store rootpw as a salted hash (e.g. {SSHA}) rather than in cleartext, and be aware that the
consumer does a simple bind to provider=ldap://... with no starttls= option and the TLS
directives on the slave commented out, so the replicator password crosses the network in
cleartext on every connection — use an ldaps:// provider URL or add starttls=critical to
the syncrepl stanza.
good luck
2014-11-19 11:38 GMT+04:00 wailok tam <wailoktam@yahoo.com>:
> Hi, I am new to LDAP. I am following the book "Mastering OpenLDAP" to set up
> replication,
> but I am getting the error given in the title when I start the slave with
> "slapd -d sync". Replication does
> not work.
>
> ******************************************************************************************************
>
> slapd.conf of the Master:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
>
> #modulepath /usr/lib/openldap
> #moduleload syncprov.la
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #sasl-realm ier.hit-u.ac.jp
> #sasl-host localhost
> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
> cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secret
> #password-hash {MD5}
> directory /var/lib/ldap
>
> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
>
> access to attrs=userPassword
> by self write
> by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by anonymous auth
> by * none
>
>
>
> access to attrs=SambaLMPassword,SambaNTPassword
> by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by self read
> by anonymous auth
> by * none
>
> access to *
> by self write
> by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by * read
>
> *****************************************************************************************************
>
> slapd.conf of the slave:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secretofreplicator
> #password-hash {MD5}
> directory /var/lib/ldap
> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
>
> # Replicas of this database
> #updatedn cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
> #updateref uri=ldap://192.168.84.22
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
>
> #access to attrs=userPassword
> # by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> # by self write
> # by anonymous auth
> # by * none
>
>
> #access to *
> # by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> # by self write
> # by * read
>
>
>
>
> #loglevel stats sync
>
> syncrepl rid=001
> provider=ldap://mail.ier.hit-u.ac.jp
> type=refreshAndPersist
> interval=00:00:05:00
> searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
> binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
> bindmethod=simple
> # bindmethod=sasl saslmech=DIGEST-MD5
> # authcid=replicator
> credentials=secretofreplicator
>
> updateref ldap://mail.ier.hit-u.ac.jp/
>
>
> *****************************************************************************************
> what puzzles me is that:
>
> I try on the slave to access the master with
> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D
> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>
> and it works.
>
> What is wrong? I really need your help.
>
>
--
cordialement,
Jephté Clain
Direction des Systèmes d'Information
et des Usages Numériques - 2IG
Tél. 0262 93 86 31
Fax. 0262 93 81 06