Am Wed, 19 Nov 2014 07:38:02 +0000 (UTC)
schrieb wailok tam <wailok...@yahoo.com>:

> Hi, I am new to ldap. I am following the book "Mastering Openldap" to
> set up replication but I am getting the error given in the title when
> I start the slave with "splad -d sync" . Replication does not work.
> ******************************************************************************************************
> slapd.conf of the Master: include
>   /etc/openldap/schema/core.schemainclude
>   /etc/openldap/schema/cosine.schemainclude
>   /etc/openldap/schema/inetorgperson.schemainclude
>   /etc/openldap/schema/nis.schemainclude
>   /etc/openldap/schema/samba.schema
> 
> #modulepath /usr/lib/openldap#moduleload syncprov.la
> # Allow LDAPv2 client connections.  This is NOT the default.allow
> bind_v2 # Do not enable referrals until AFTER you have a working
> directory# service AND an understanding of referrals.#referral
> ldap://root.openldap.org pidfile
>   /var/run/openldap/slapd.pidargsfile
>  /var/run/openldap/slapd.args #sasl-realm ier.hit-u.ac.jp#sasl-host
> localhost#authz-regexp
> uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
> cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
> ########################################################################
> ldbm and/or bdb database
> definitions#######################################################################
> database        bdbsuffix
>  "dc=ier,dc=hit-u,dc=ac,dc=jp"rootdn
>  "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"#rootpw
>  {MD5}x1Ktlhm0p7RPnl/G01rhTQ==rootpw secret#password-hash
> {MD5}directory       /var/lib/ldap
> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crtTLSCertificateFile 
> /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crtTLSCertificateKeyFile 
> /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
> overlay syncprovsyncprov-checkpoint 50 10syncprov-sessionlog 100 #
> Indices to maintain for this databaseindex objectClass
>         eq,presindex ou,cn,mail,surname,givenname
>  eq,pres,subindex uidNumber,gidNumber,loginShell    eq,presindex
> uid,memberUid                     eq,pres,subindex
> nisMapName,nisMapEntry            eq,pres,subindex entryCSN,entryUUID
> eq idlcachesize 1000
> 
> access to attrs=userPassword  by self write  by
> dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write  by
> dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read  by
> dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by anonymous auth  by * none
> 
> 
> access to attrs=SambaLMPassword,SambaNTPassword  by
> dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write  by
> dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read  by
> dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by self read  by anonymous auth  by * none access to *  by self
> write  by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write  by
> dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
> by * read
> *****************************************************************************************************
> sladp.conf of the slave: include
>   /etc/openldap/schema/core.schemainclude
>   /etc/openldap/schema/cosine.schemainclude
>   /etc/openldap/schema/inetorgperson.schemainclude
>   /etc/openldap/schema/nis.schemainclude
>   /etc/openldap/schema/samba.schema # Allow LDAPv2 client
> connections.  This is NOT the default.allow bind_v2 # Do not enable
> referrals until AFTER you have a working directory# service AND an
> understanding of referrals.#referral       ldap://root.openldap.org
> pidfile         /var/run/openldap/slapd.pidargsfile
>  /var/run/openldap/slapd.args
> ########################################################################
> ldbm and/or bdb database
> definitions#######################################################################
> database        bdbsuffix
>  "dc=ier,dc=hit-u,dc=ac,dc=jp"#rootdn
>  "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"rootdn
>  "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"#rootpw
>  {MD5}x1Ktlhm0p7RPnl/G01rhTQ==rootpw secretofreplicator
> #password-hash   {MD5}directory
>   /var/lib/ldap#TLSCACertificateFile 
> /usr/share/ssl/certs/nii-odca2.crt#TLSCertificateFile 
> /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt#TLSCertificateKeyFile 
> /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>  
> 
> # Replicas of this database#updatedn
>  cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp#updateref
> uri=ldap://192.168.84.22 # Indices to maintain for this databaseindex
> objectClass                       eq,presindex
> ou,cn,mail,surname,givenname      eq,pres,subindex
> uidNumber,gidNumber,loginShell    eq,presindex uid,memberUid
>             eq,pres,subindex nisMapName,nisMapEntry
>  eq,pres,subindex entryCSN,entryUUID eq  idlcachesize 1000
> 
> #access to attrs=userPassword#  by
> dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write#  by self write#
>  by anonymous auth#  by * none
> 
> #access to * #  by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
> write#  by self write#  by * read
> 
> 
> 
> #loglevel stats sync
> syncrepl rid=001
> provider=ldap://mail.ier.hit-u.ac.jp          type=refreshAndPersist
>   interval=00:00:05:00    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>            binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>   bindmethod=simple#    bindmethod=sasl saslmech=DIGEST-MD5#
>  authcid=replicator     credentials=secretofreplicator updateref
>   ldap://mail.ier.hit-u.ac.jp/    
> 
> *****************************************************************************************what
> puzzles me is that: I try on the slave to access the master
> withldapsearch -x -H ldap://mail.ier.hit-u.ac.jp  -W -D
> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
> and it works. What is wrong? I really need your help.

The master configuration is wrong. Configuration of slapd.conf has to
follow a defined order, that is:

- global configuration parameters
- global specific overlays parameters
- first database specific configuration parameters
- first database specific overlays configuration parameters
- second database specific configuration parameters
- second database specific overlays configuration parameters

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Reply via email to