Slapd Replication Problem

2006-09-13 Thread Brian White
Slapd Version: 2.3.25 Perhaps I'm missing something pretty obvious about replicated slapd servers, but I simply cannot get it to work. My master server has replica uri=ldap://titan.ott.precidia.com binddn=uid=slapd,ou=Services,dc=precidia

Re: Master-Slave synchronizing problem

2006-09-13 Thread Aaron Richton
I am using openldap 2.1.29 . [...] Please let me know, if upgradation of the version will be helpful. Upgrading the version would still be helpful. 2.1.29 is quite old at this point and there are many known bugs with replication that have been addressed in the past few years.

Re: Slapd Replication Problem

2006-09-13 Thread Aaron Richton
You're trying to replicate (i.e. write) as binddn=uid=slapd,ou=Services,dc=precidia and running into configuration that includes (early on) access to attrs=userPassword by anonymous auth by self write by * none so an attempt to replicate an entry,

Re: Slapd Replication Problem

2006-09-13 Thread Pierangelo Masarati
It appears that the updatedn on the slave does not have write permission on the datum it's trying to update (I guess, the userPassword attribute of the user whose password is being changed). What's the ACL in your slave? p. Ing. Pierangelo Masarati OpenLDAP Core Team SysNet s.n.c. Via

Re: Master-Slave synchronizing problem

2006-09-13 Thread FRLinux
On 9/13/06, Aaron Richton [EMAIL PROTECTED] wrote: Upgrading the version would still be helpful. 2.1.29 is quite old at this point and there are many known bugs with replication that have been addressed in the past few years. I second that, upgrading to 2.3.x series made most of our headaches

Re: Slapd Replication Problem

2006-09-13 Thread Brian White
You're trying to replicate (i.e. write) as binddn=uid=slapd,ou=Services,dc=precidia and running into configuration that includes (early on) access to attrs=userPassword by anonymous auth by self write by * none so an attempt to replicate an entry, which

Re: Slapd Replication Problem

2006-09-13 Thread Aaron Richton
So... I need to add an extra auth line for my replication DN? I never saw that mentioned in the OpenLDAP Administrator's Guide; I assumed that mentioning it as the updatedn would be sufficient. Well, let's take a look at the logs to figure it out: Sep 13 10:44:07 titan slapd[5789]: conn=0

Re: Slapd Replication Problem

2006-09-13 Thread matthew sporleder
On 9/13/06, Brian White [EMAIL PROTECTED] wrote: You're trying to replicate (i.e. write) as binddn=uid=slapd,ou=Services,dc=precidia and running into configuration that includes (early on) access to attrs=userPassword by anonymous auth by self write by *

Re: Slapd Replication Problem

2006-09-13 Thread Pierangelo Masarati
So... I need to add an extra auth line for my replication DN? I never saw that mentioned in the OpenLDAP Administrator's Guide; I assumed that mentioning it as the updatedn would be sufficient. From the Admin Guide: 14.4.2. Set up the slave slapd ... 4. Make sure the DN given in

Re: Slapd Replication Problem

2006-09-13 Thread Brian White
You need to add an ACL for the updatedn to have write permissions. It's pretty easy. access to * by dn.exact=uid=slapd,ou=Services,dc=precidia write should do it. (off the top of my head) See the slapd.access man page. I tried that, but it seems I may need to add it to _all_ the access

Re: Slapd Replication Problem

2006-09-13 Thread Brian White
So... I need to add an extra auth line for my replication DN? I never saw that mentioned in the OpenLDAP Administrator's Guide; I assumed that mentioning it as the updatedn would be sufficient. Well, let's take a look at the logs to figure it out: Sep 13 10:44:07 titan slapd[5789]: conn=0

ldapmodify : ldap_bind - Invalid credentials (49)

2006-09-13 Thread Tu Haiyi
Hi All, I am a new LDAP user. I just installed OpenLDAP 2.2.29 on Windows XP. I can use LDAP Browser to connect but I can't make ldapmodify work. Here is my command: ldapmodify -w secret -f ldapmodify.ldif then I get ldap_bind: Invalid credentials (49) It seems to be

Re: Slapd Replication Problem

2006-09-13 Thread matthew sporleder
On 9/13/06, Brian White [EMAIL PROTECTED] wrote: You need to add an ACL for the updatedn to have write permissions. It's pretty easy. access to * by dn.exact=uid=slapd,ou=Services,dc=precidia write should do it. (off the top of my head) See the slapd.access man page. I tried that, but it

authentification only with cn=toto type

2006-09-13 Thread Pierre FERT
Hello, I must make a migration of proprietary LDAP server with openldap My problem is on authentification. The applications which use it connect in simple authentification but without context Ex: cn=toto with his password is all I tried to connect me by creating a script to bind in backend

Re: ldapmodify : ldap_bind - Invalid credentials (49)

2006-09-13 Thread matthew sporleder
On 9/13/06, Tu Haiyi [EMAIL PROTECTED] wrote: Hi All, I am a new LDAP user. I just installed OpenLDAP 2.2.29 on Windows XP. I can use LDAP Browser to connect but I can't make ldapmodify work. Here is my command: ldapmodify -w secret -f ldapmodify.ldif then I get ldap_bind: Invalid credentials

Re: authentification only with cn=toto type

2006-09-13 Thread Michael Ströder
Pierre FERT wrote: Ex: cn=toto with his password is all Unfortunately you didn't mention what your DIT looks like. I tested the rules of rwm, but it is similar these rules are not called upon either Using slapo-rwm seems to be the solution for your issue with misbehaving

Re: authentification only with cn=toto type

2006-09-13 Thread Aaron Richton
What commands are you trying? Can you include the command lines you are using, the input you are using, and the errors that are output? In terms of directly adding entries such as cn=toto or cn=pfe or cn=richton to an OpenLDAP directory, merely specify a null suffix (i.e. specify 'suffix ' in

Re: Slapd Replication Problem

2006-09-13 Thread Brian White
I tried that, but it seems I may need to add it to _all_ the access lines, since there are separate one that control access to passwords, etc. The ordering of ACL's make a difference. Maybe you can just try to put it near the top? I'm afraid if I do, then I'll end up changing the access

Re: authentification only with cn=toto type

2006-09-13 Thread Pierangelo Masarati
Pierre FERT wrote: My problem is on authentification. The applications which use it connect in simple authentification but without context Ex: cn=toto with his password is all I tried to connect me by creating a script to bind in backend Shell a database would

Re: Slapd Replication Problem

2006-09-13 Thread Andreas Hasenack
On Wed, Sep 13, 2006 at 01:34:07PM -0400, Brian White wrote: I tried that, but it seems I may need to add it to _all_ the access lines, since there are separate one that control access to passwords, etc. The ordering of ACL's make a difference. Maybe you can just try to put it near the

Re: Slapd Replication Problem

2006-09-13 Thread Brian White
It seems to be working if I add the replication DN to all the ACLs, so I think I'll just stick with that. A viable workaround is to add, as the first rule access to * by dn.exact=your replicator's DN write by * break which basically means: your replicator's DN will have write

ldap_modify: Server is unwilling to perform (53)

2006-09-13 Thread haiyi1
Hi All, I am a new LDAP user. I just installed OpenLDAP 2.2.29 on Windows XP. I can use LDAP Browser to connect but I can't make ldapmodify work. Here is my command: ldapmodify -D cn=Manager,dc=my-domain,dc=com -w secret -v -f ldapmodify.ldif then I get ldap_initialize( DEFAULT )

Re: ldap_modify: Server is unwilling to perform (53)

2006-09-13 Thread Dieter Kluenter
[EMAIL PROTECTED] writes: Hi All, I am a new LDAP user. I just installed OpenLDAP 2.2.29 on Windows XP. I can use LDAP Browser to connect but I can't make ldapmodify work. Here is my command: ldapmodify -D cn=Manager,dc=my-domain,dc=com -w secret -v -f ldapmodify.ldif then