On Wed, 19 Nov 2014 07:38:02 +0000 (UTC), wailok tam <wailok...@yahoo.com> wrote:
> Hi, I am new to ldap. I am following the book "Mastering OpenLDAP" to
> set up replication, but I am getting the error given in the title when
> I start the slave with "slapd -d sync". Replication does not work.
>
> ******************************************************************************
> slapd.conf of the master:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
> #modulepath /usr/lib/openldap
> #moduleload syncprov.la
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #sasl-realm ier.hit-u.ac.jp
> #sasl-host localhost
> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
> #    cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secret
> #password-hash {MD5}
> directory /var/lib/ldap
>
> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
> access to attrs=userPassword
>     by self write
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by anonymous auth
>     by * none
>
> access to attrs=SambaLMPassword,SambaNTPassword
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by self read
>     by anonymous auth
>     by * none
>
> access to *
>     by self write
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by * read
>
> ******************************************************************************
> slapd.conf of the slave:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secretofreplicator
> #password-hash {MD5}
> directory /var/lib/ldap
> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
> # Replicas of this database
> #updatedn cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
> #updateref uri=ldap://192.168.84.22
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
> #access to attrs=userPassword
> #    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> #    by self write
> #    by anonymous auth
> #    by * none
>
> #access to *
> #    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> #    by self write
> #    by * read
>
> #loglevel stats sync
> syncrepl rid=001
>     provider=ldap://mail.ier.hit-u.ac.jp
>     type=refreshAndPersist
>     interval=00:00:05:00
>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>     bindmethod=simple
> #    bindmethod=sasl saslmech=DIGEST-MD5
> #    authcid=replicator
>     credentials=secretofreplicator
> updateref ldap://mail.ier.hit-u.ac.jp/
>
> ******************************************************************************
>
> What puzzles me is that when I try, on the slave, to access the master with
>
> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>
> it works. What is wrong? I really need your help.

The master configuration is wrong. Configuration of slapd.conf has to
follow a defined order, that is:

- global configuration parameters
- global specific overlays parameters
- first database specific configuration parameters
- first database specific overlays configuration parameters
- second database specific configuration parameters
- second database specific overlays configuration parameters

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N 10°08'02,42"E
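As an added example, not part of either message in this thread, the following small checker applies the section-ordering rule Dieter describes to a slapd.conf and reports directives that sit in the wrong section; run over an abbreviated copy of the master configuration quoted above, it flags the TLS* directives that the poster placed after `database bdb`, where slapd.conf(5) accepts them only in the global section. The directive lists are my own assumptions drawn from slapd.conf(5) and are not exhaustive.

```python
"""Flag slapd.conf directives in the wrong section: slapd expects global
options first, then each database followed by its overlays."""

# Global-only directives per slapd.conf(5); TLS* is matched by prefix below.
GLOBAL_ONLY = {"include", "pidfile", "argsfile", "allow", "disallow",
               "referral", "loglevel", "modulepath", "moduleload",
               "sasl-host", "sasl-realm", "authz-regexp"}
# Directives that need a database context; syncprov-* is matched by prefix.
DATABASE_ONLY = {"suffix", "rootdn", "rootpw", "directory", "overlay",
                 "index", "idlcachesize", "syncrepl", "updatedn", "updateref"}

def classify(directive):
    d = directive.lower()
    if d in GLOBAL_ONLY or d.startswith("tls"):
        return "global"
    if d in DATABASE_ONLY or d.startswith("syncprov-"):
        return "database"
    return "any"  # e.g. "access", which is valid in both sections

def check_order(conf):
    """Return [(line number, directive, problem)] for misplaced directives."""
    problems, in_database = [], False
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comments and continuation lines (leading whitespace).
        if not line or line.startswith("#") or raw[0].isspace():
            continue
        directive = line.split()[0]
        if directive.lower() == "database":
            in_database = True
        elif classify(directive) == "global" and in_database:
            problems.append((lineno, directive, "global directive after database"))
        elif classify(directive) == "database" and not in_database:
            problems.append((lineno, directive, "database directive before database"))
    return problems

# Constructed, abbreviated copy of the poster's master slapd.conf, with the
# TLS directives left where the poster had them: inside the bdb database.
MASTER_CONF = """\
include /etc/openldap/schema/core.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid

database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
overlay syncprov
syncprov-checkpoint 50 10
"""
```

`check_order(MASTER_CONF)` reports the three TLS* lines; moving them above `database bdb` makes the report empty.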