[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication account problem

To: openldap-technical@openldap.org
Subject: Re: Replication account problem
From: "A. Schulze" <sca@andreasschulze.de>
Date: Wed, 8 Jan 2020 17:28:20 +0100
Authentication-results: dahlem.somaf.de; arc=none smtp.remote-ip=2001:470:77b3:103::25
Authentication-results: dahlem.somaf.de; dmarc=pass (p=NONE dis=NONE) header.from=andreasschulze.de
Authentication-results: dahlem.somaf.de; spf=pass smtp.mailfrom=sca@andreasschulze.de
Authentication-results: dahlem.somaf.de; dkim=pass header.d=andreasschulze.de header.i=@andreasschulze.de header.a=ed25519-sha256 header.s=ed25519 header.b=c7c13lP1; dkim=pass (2048-bit key; secure) header.d=andreasschulze.de header.i=@andreasschulze.de header.a=rsa-sha256 header.s=201912-3F081D7F header.b=JN4J96wh
Content-language: en-US
Dkim-signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=andreasschulze.de; i=@andreasschulze.de; q=dns/txt; s=ed25519; t=1578500976; h=subject : to : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding : from; bh=EUEUZ++KYOU7UTp5eWvxDk88AnOeh8UzWitlQ86XxYM=; b=c7c13lP1x1o8peVPdMS+IWkjjUVfy6M1ZbUi4hw59PgKrww3tbq7MgsY 09gjQJV0OJQNzKh7tjEM2GFJvf0PCA==
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=andreasschulze.de; s=201912-3F081D7F; t=1578500976; x=1583500976; bh=EUEUZ++KYOU7UTp5eWvxDk88AnOeh8UzWitlQ86XxYM=; h=Subject:To:References:From:Message-ID:Date:MIME-Version: In-Reply-To:Content-Type:Content-Transfer-Encoding:autocrypt:cc: content-transfer-encoding:content-type:date:from:in-reply-to: message-id:mime-version:openpgp:references:subject:to; b=JN4J96wh3hbjR2X9OZdb1Y72mTuIq5XwIhL7uFH6iub4BQvur4BDwE8TxLfB9unK1 yLIoYZU1Eauylc1XoM+5B1h4Y3Xb5LIHWjzK0xNyUQGl31RbKgPUt4BJQCLlQHxSXh hZfyJHWP6SeqyV1xciW3BhnbJSEjq1W61Ed2ADgBHxWkoieFlAZ1hFxkUPZ+Qtpv+a LivWlvJhulm/8DhMbB6R1AgDMzVuB0kFRlZrvAc6DqFR+riBfXeuJJ1o3sWa1QwtwV 5s6uCIz15duVpPKuv7oNuMySKXmAS4qPFC5Zm8msEgFoSuJnwHWyX9rUc42PSyjG45 KrRpKFLfA7p0Q==
In-reply-to: <f0329178-d3c7-e121-a39b-f525d5814dd3@rubycat.eu>
References: <f0329178-d3c7-e121-a39b-f525d5814dd3@rubycat.eu>


Am 08.01.20 um 16:16 schrieb Vincent Ducot:
> Hi all,
> I'm testing multi-master replication between (at least 2) openldap nodes (2.4.45, on Ubuntu 18.04) and facing a problem with replication account.

At some point in time I decided to create a separate database as replication-account

slapd.conf:
	database ldif
	directory /empty
	suffix "dc=syncrepl"
	access to dn.base="dc=syncrepl" by * auth
	rootdn "dc=syncrepl"
	rootpw "{PLAIN}secret"

This account exist per configuration even on an "empty" syncrepl consumer and is allowed to read/write the database to be replicated.
It will not be replicated itself an avoid the issue you describe. N-way replication can start from zero.

If this should be insecure, I hope, somebody will correct me (and the archive), please.

Andreas

References:
- Replication account problem
  - From: Vincent Ducot <vincent.ducot@rubycat.eu>

Prev by Date: Re: Openldap support SHA-256 or SHA-3.
Next by Date: Re: Openldap support SHA-256 or SHA-3.
Index(es):
- Chronological
- Thread