I have tried to review all possible documentation and read through all mailing list archives relevant to this problem. My apologies if this has been covered before and I have missed it.
No matter what kind of change I make, I continue to get err=19 when I try to replicate.

May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 MOD attr=description entryCSN modifiersName modifyTimestamp
May 17 23:25:35 ldap2 slapd[3097]: conn=1 op=8 RESULT tag=103 err=19 text=entryCSN: no user modification allowed
I am running Fedora Core 5 with ldap version openldap-servers-2.3.30-2.fc5 on both the master and slave.
I currently am using the rootdn simply because there shouldn't be any restrictions on that user. I was using a different user previously with the exact same results. Both systems have an exact copy of the same LDAP db.
Here is my master LDAP slapd.conf file.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/officeperson.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/ldap.intelligraphics.com-crt.crt
TLSCertificateKeyFile /etc/pki/tls/certs/ldap.intelligraphics.com-key.pem

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by anonymous auth
        by * none
access to attrs=uid
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by * read
access to attrs=mail,homeemail,telephonenumber,homephone,mobile,ipphone,facsimiletelephonenumber,postaladdress,l,st,postalcode,c,comment,description
        by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by * read
access to attrs=o
        by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by * read
access to *
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by * read

database bdb
suffix "dc=intelligraphics,dc=com"
rootdn "cn=Manager,dc=intelligraphics,dc=com"
rootpw password

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

replogfile /var/lib/ldap/openldap-master-replog
replica uri=ldap://ldap2.intelligraphics.com
        binddn="cn=Manager,dc=intelligraphics,dc=com"
        bindmethod=simple credentials=password
Here is my slave LDAP slapd.conf file.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/officeperson.schema
include /etc/openldap/schema/RADIUS-LDAPv3.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
TLSCertificateFile /etc/pki/tls/certs/openvpn.intelligraphics.com-cert.pem
TLSCertificateKeyFile /etc/pki/tls/certs/openvpn.intelligraphics.com-key.pem

access to attrs=userPassword,sambaLMPassword,sambaNTPassword
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by anonymous auth
        by * none
access to attrs=uid
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by * read
access to attrs=mail,homeemail,telephonenumber,homephone,mobile,ipphone,facsimiletelephonenumber,postaladdress,l,st,postalcode,c,comment,description
        by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by * read
access to attrs=o
        by group="cn=phoneadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by * read
access to *
        by group="cn=ldapadmins,ou=Groups,dc=intelligraphics,dc=com" write
        by self write
        by * read

database bdb
suffix "dc=intelligraphics,dc=com"
rootdn "cn=Manager,dc=intelligraphics,dc=com"
rootpw password

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq

updatedn="cn=Manager,dc=intelligraphics,dc=com"
updateref="ldap://ldap.intelligraphics.com"
Does anyone have any ideas on what to try?
David Browning david.browning@intelligraphics.com