
Re: any help on "ldap_sasl_bind_s failed (53)"




Thanks for your reply.

Do I put in the slave conf file the same thing as the following command?

> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'

------------------------------
On Wed, Nov 19, 2014 9:25 AM GMT Jephte Clain wrote:

>hello,
>
>I would say, try to understand the meaning of what you do. The
>openldap admin guide is a good place to start.
>
>- for instance, on the slave, you bind to the master with dn
>uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp and password
>secretofreplicator
>does this object exist *on the master*? with the right password? does
>this account have the right acl to read everything on the master
>(i.e., on the master, the acl is defined for cn=replicator,... which
>is not the same as uid=replicator,...)
>- also, why would you use the replicator dn as the rootdn for the slave?
>
>one last thing: I advise you change the password of both the master
>and slave. posting the file with the hash password of the root dn on
>the internet is not a good idea :-)
>
>good luck
>
>
>2014-11-19 11:38 GMT+04:00 wailok tam <wailoktam@yahoo.com>:
>> Hi, I am new to LDAP. I am following the book "Mastering OpenLDAP" to set up
>> replication
>> but I am getting the error given in the title when I start the slave with
>> "slapd -d sync". Replication does
>> not work.
>>
>> ******************************************************************************************************
>>
>> slapd.conf of the Master:
>>
>> include         /etc/openldap/schema/core.schema
>> include         /etc/openldap/schema/cosine.schema
>> include         /etc/openldap/schema/inetorgperson.schema
>> include         /etc/openldap/schema/nis.schema
>> include         /etc/openldap/schema/samba.schema
>>
>>
>> #modulepath /usr/lib/openldap
>> #moduleload syncprov.la
>>
>> # Allow LDAPv2 client connections.  This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral       ldap://root.openldap.org
>>
>> pidfile         /var/run/openldap/slapd.pid
>> argsfile        /var/run/openldap/slapd.args
>>
>> #sasl-realm ier.hit-u.ac.jp
>> #sasl-host localhost
>> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
>>         cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>>
>> #######################################################################
>> # ldbm and/or bdb database definitions
>> #######################################################################
>>
>> database        bdb
>> suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
>> rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootpw          {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
>> rootpw secret
>> #password-hash   {MD5}
>> directory       /var/lib/ldap
>>
>> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
>> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
>> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>>
>> overlay syncprov
>> syncprov-checkpoint 50 10
>> syncprov-sessionlog 100
>>
>> # Indices to maintain for this database
>> index objectClass                       eq,pres
>> index ou,cn,mail,surname,givenname      eq,pres,sub
>> index uidNumber,gidNumber,loginShell    eq,pres
>> index uid,memberUid                     eq,pres,sub
>> index nisMapName,nisMapEntry            eq,pres,sub
>> index entryCSN,entryUUID eq
>> idlcachesize 1000
>>
>>
>> access to attrs=userPassword
>>   by self write
>>   by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>>   by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>   by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>   by anonymous auth
>>   by * none
>>
>>
>>
>> access to attrs=SambaLMPassword,SambaNTPassword
>>   by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>>   by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>   by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>   by self read
>>   by anonymous auth
>>   by * none
>>
>> access to *
>>   by self write
>>   by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>>   by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>   by * read
>>
>> *****************************************************************************************************
>>
>> slapd.conf of the slave:
>>
>> include         /etc/openldap/schema/core.schema
>> include         /etc/openldap/schema/cosine.schema
>> include         /etc/openldap/schema/inetorgperson.schema
>> include         /etc/openldap/schema/nis.schema
>> include         /etc/openldap/schema/samba.schema
>>
>> # Allow LDAPv2 client connections.  This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral       ldap://root.openldap.org
>>
>> pidfile         /var/run/openldap/slapd.pid
>> argsfile        /var/run/openldap/slapd.args
>>
>> #######################################################################
>> # ldbm and/or bdb database definitions
>> #######################################################################
>>
>> database        bdb
>> suffix          "dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootdn          "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> rootdn          "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootpw          {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
>> rootpw secretofreplicator
>> #password-hash   {MD5}
>> directory       /var/lib/ldap
>> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
>> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
>> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>>
>>
>> # Replicas of this database
>> #updatedn  cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
>> #updateref uri=ldap://192.168.84.22
>>
>> # Indices to maintain for this database
>> index objectClass                       eq,pres
>> index ou,cn,mail,surname,givenname      eq,pres,sub
>> index uidNumber,gidNumber,loginShell    eq,pres
>> index uid,memberUid                     eq,pres,sub
>> index nisMapName,nisMapEntry            eq,pres,sub
>> index entryCSN,entryUUID eq
>> idlcachesize 1000
>>
>>
>> #access to attrs=userPassword
>> #  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> #  by self write
>> #  by anonymous auth
>> #  by * none
>>
>>
>> #access to *
>> #  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> #  by self write
>> #  by * read
>>
>>
>>
>>
>> #loglevel stats sync
>>
>> syncrepl rid=001
>>     provider=ldap://mail.ier.hit-u.ac.jp
>>     type=refreshAndPersist
>>     interval=00:00:05:00
>>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>>     bindmethod=simple
>> #    bindmethod=sasl saslmech=DIGEST-MD5
>> #    authcid=replicator
>>     credentials=secretofreplicator
>>
>> updateref       ldap://mail.ier.hit-u.ac.jp/
>>
>>
>> *****************************************************************************************
>> What puzzles me is that:
>>
>> I try on the slave to access the master with
>> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp  -W -D
>> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>>
>> and it works.
>>
>> What is wrong? I really need your help.
>>
>>
>
>
>
>-- 
>cordialement,
>Jephté Clain
>Direction des Systèmes d'Information
>et des Usages Numériques - 2IG
>Tél. 0262 93 86 31
>Fax. 0262 93 81 06
>
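Two checks a practitioner would run against the files posted above before restarting the consumer, as an added example by the editor (not code from the thread, from the book, or from OpenLDAP; the configs embedded in it are constructed to mirror the posted shapes, with the passwords replaced by placeholders). First, slapd.conf(5) states that a line beginning with whitespace continues the previous line even when that previous line is a comment. In the posted slave file the indented `credentials=` line sits directly under the commented-out `#    authcid=replicator` line, so it becomes part of that comment and is discarded; the consumer then performs a simple bind with a DN and an empty password, which slapd by default refuses as an unauthenticated bind with unwillingToPerform, result code 53, unless `allow bind_anon_dn` is set. Second, the point Jephte raises: the provider's ACLs name `cn=replicator,ou=Users,...` via `dn.exact`, while the consumer binds as `uid=replicator,ou=Users,...`, so the consumer only gets what the `by *` fallback grants, which for userPassword is `none`. The script reproduces slapd's logical-line handling, extracts the syncrepl parameters and the provider's `access to` directives, and reports both findings for the posted stanza and for a corrected one. `dn=` without a style qualifier is compared as an exact DN, a simplification of slapd's matching.

```python
"""Offline checks for a syncrepl consumer against its provider's ACLs.
Added example, not code from the thread or from OpenLDAP.  Applies the
slapd.conf(5) rules: a line starting with '#' is a comment, and a line that
starts with whitespace continues the previous line, comment or not."""
import re

# Constructed provider ACLs, same shape as the posted master slapd.conf.
PROVIDER_CONF = """\
access to attrs=userPassword
  by self write
  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by anonymous auth
  by * none
access to *
  by self write
  by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
  by * read
"""

# Constructed consumer stanza in the posted layout: the comment lines sit
# between indented continuation lines, so 'credentials=' continues a comment.
CONSUMER_CONF_POSTED = """\
syncrepl rid=001
    provider=ldap://mail.ier.hit-u.ac.jp
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    bindmethod=simple
#    bindmethod=sasl saslmech=DIGEST-MD5
#    authcid=replicator
    credentials=PLACEHOLDER
"""

# Corrected stanza: binddn matches the provider ACL, no comment breaks it,
# and starttls=critical keeps the simple-bind password off the wire in clear.
CONSUMER_CONF_FIXED = """\
syncrepl rid=001
    provider=ldap://mail.ier.hit-u.ac.jp
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    bindmethod=simple
    starttls=critical
    credentials=PLACEHOLDER
"""

def logical_lines(text):
    """Join continuation lines the way slapd does, then drop comment lines."""
    lines = []
    for raw in text.splitlines():
        if raw and raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()  # continues previous line, comment or not
        elif raw.strip():
            lines.append(raw.rstrip())
    return [line for line in lines if not line.startswith("#")]

def norm_dn(dn):
    """Case-fold and strip quotes/spaces so DNs can be compared as strings."""
    dn = dn.strip().strip("\"'")
    return ",".join(re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in dn.split(","))

def parse_syncrepl(text):
    """Return the key=value parameters of the first syncrepl directive."""
    for line in logical_lines(text):
        if line.startswith("syncrepl "):
            return {m.group(1): m.group(2).strip('"')
                    for m in re.finditer(r'(\w+)=("[^"]*"|\S+)', line[9:])}
    return {}

def parse_access(text):
    """Return [(what, [(who, level), ...])] for each 'access to' directive."""
    rules = []
    for line in logical_lines(text):
        if line.startswith("access to "):
            what, *clauses = re.split(r"\s+by\s+", line[10:].strip())
            bys = [m.groups() for m in
                   (re.match(r'(\S+?="[^"]*"|\S+)\s+(\S+)', c) for c in clauses) if m]
            rules.append((what, bys))
    return rules

def access_for(binddn, bys):
    """(level, explicit) granted to binddn by the first matching 'by' clause.
    Only dn-style clauses and the '*' fallback count: 'self' does not apply to
    a consumer reading other entries; 'dn=' without a style is treated as an
    exact DN here (simplification)."""
    target = norm_dn(binddn)
    for who, level in bys:
        m = re.match(r"dn(?:\.\w+)?=(.+)", who)
        if m and norm_dn(m.group(1)) == target:
            return level, True
        if who == "*":
            return level, False
    return "none", False

def check(consumer_conf, provider_conf):
    """Findings for one consumer stanza against the provider's ACLs."""
    params = parse_syncrepl(consumer_conf)
    binddn = params.get("binddn", "")
    return {"binddn": binddn,
            "credentials_present": bool(params.get("credentials")),
            "acl": {what: access_for(binddn, bys)
                    for what, bys in parse_access(provider_conf)}}

if __name__ == "__main__":
    for label, conf in ("posted", CONSUMER_CONF_POSTED), ("fixed", CONSUMER_CONF_FIXED):
        print(label, check(conf, PROVIDER_CONF))
```

For the posted layout the report shows no credentials and only `by *` access (`none` on userPassword, so even a successful bind would replicate entries without their passwords); for the corrected stanza it shows credentials present and explicit `read` on both rules. Moving `credentials=` above the comment lines, or deleting them, is enough for it to survive parsing; the binddn still has to name the entry that actually exists on the master and that the ACLs refer to.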