On 24/08/2009 14:16, Jonathan Clarke wrote:
On 20/08/2009 14:39, Brian Neu wrote:
Forgive me if pasting here is bad etiquette.
<consumer slapd.conf>
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/samba.schema
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
TLSCACertificateFile /etc/openldap/cacerts/cavictory2.crt
TLSCertificateFile /etc/openldap/keys/victory3cert.pem
TLSCertificateKeyFile /etc/openldap/keys/victory3key.pem
database hdb
suffix "dc=srg,dc=com"
checkpoint 1024 15
rootdn "cn=Manager,dc=srg,dc=com"
rootpw {MD5}blah
directory /var/lib/ldap
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
syncrepl rid=0
    provider=ldap://victory2.srg.com:389
    bindmethod=simple
    starttls=critical
    binddn="cn=replicator,dc=srg,dc=com"
    credentials=blah
    searchbase="dc=srg,dc=com"
    logbase="cn=accesslog"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"
    syncdata=accesslog
I don't see anything wrong with this - although I'm not very familiar with accesslog configuration.
Does the "cn=replicator,dc=srg,dc=com" have full access on the provider to read necessary data?
Please ignore this post - I hadn't seen that the discussion continued already. My mailer displayed it in a separate post, got me confused on a Monday morning :/