From: Kaushal Shriyan kaushalshriyan@gmail.com
Sent: Thursday, July 4, 2024 8:59 PM
To: openldap-technical@openldap.org
Subject: [EXT] Configure multi-master replication OpenLDAP using https://repo.symas.com/soldap2.5/rhel8/
Hi,
I am running OpenLDAP server 2.5.18 on Red Hat Enterprise Linux release 8.10 (Ootpa) OS to enable multi-master replication on both nodes (node 1 and node 2). Currently on Node1 I am encountering the ldap_modify: Insufficient access (50) issue.
Node1
# rpm -qa | grep openldap
symas-openldap-clients-2.5.18-1.el8.x86_64
symas-openldap-servers-selinux-1.0.6-2.el8.noarch
openldap-2.4.46-18.el8.x86_64
symas-openldap-servers-2.5.18-1.el8.x86_64
symas-openldap-libs-2.5.18-1.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.10 (Ootpa)
# pwd
/opt/symas/etc/openldap
# ls -l
total 20
-rw-r--r-- 1 symas symas  247 May 23 20:21 ldap.conf.default
drwxr-xr-x 2 symas symas 4096 Jun 26 16:02 schema
-rw------- 1 symas symas 2901 Jun 27 17:55 slapd.conf
-rw------- 1 symas symas 2710 May 23 20:21 slapd.conf.default
-rw------- 1 symas symas 2761 May 23 20:21 slapd.ldif.default
# cat syncprov_mod.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: syncprov.la

dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
# ldapadd -Y EXTERNAL -H ldapi:/// -f syncprov_mod.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"
ldap_modify: Insufficient access (50)

[Windl, Ulrich] (Sorry, Outlook is not good at inline-quoting HTML mail) It means that your ldapi:/// URL does not have the rights to modify cn=config. Usually you authenticate with the cn=config user to do that. Also for replication, you probably want to set up a replication user that can read everything…
Am I missing anything? Please guide me.
Best Regards,
Kaushal
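As an added example, not from either poster: a small shell helper that checks whether the SASL EXTERNAL identity shown in the output above (root's peercred DN) is granted write rights on the cn=config database, and that produces the two usual remedies: binding as the config rootdn (what the reply recommends) or granting the peercred DN manage rights once. The olcDatabase={0}config entry, olcRootDN and olcAccess are standard OpenLDAP cn=config names; the ldapsearch output is constructed, and binding as cn=config assumes an olcRootPW is set.

```shell
#!/bin/sh
# Added example (not from the thread): decide why `ldapadd -Y EXTERNAL -H ldapi:///`
# gets "Insufficient access (50)" on cn=config, and print a remedy.

# Identity that ldapi:/// + SASL EXTERNAL maps root to (from the SASL username line).
PEERCRED_DN='gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth'

# Constructed sample of:
#   ldapsearch -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={0}config,cn=config' olcAccess olcRootDN
# on a server where only the rootdn may touch cn=config (the situation in the thread).
SAMPLE_CONFIG_DB='dn: olcDatabase={0}config,cn=config
olcRootDN: cn=config
olcAccess: {0}to * by * none'

# Return 0 if some olcAccess value names the peercred DN with manage or write rights.
external_can_write() {
    printf '%s\n' "$1" | grep -E '^olcAccess:' | grep -F "$PEERCRED_DN" | grep -Eq 'manage|write'
}

# LDIF that inserts (at index 0) a rule letting local root manage cn=config via ldapi.
# Apply it once while bound as the rootdn; afterwards -Y EXTERNAL works as intended.
grant_external_ldif() {
    cat <<EOF
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to * by dn.exact="$PEERCRED_DN" manage by * break
EOF
}

# Command that binds as the config rootdn instead (assumes olcRootPW is set).
rootdn_cmd() {
    printf 'ldapadd -H ldapi:/// -D cn=config -W -f %s\n' "$1"
}

if external_can_write "$SAMPLE_CONFIG_DB"; then
    echo "EXTERNAL identity may already write cn=config; look elsewhere (e.g. is slapd using slapd.d?)"
else
    echo "EXTERNAL identity lacks write access to cn=config. Either bind as the rootdn:"
    rootdn_cmd syncprov_mod.ldif
    echo "or, bound as cn=config, grant it once with:"
    grant_external_ldif
fi
```

If slapd is started from slapd.conf rather than a slapd.d directory (the listing above shows only slapd.conf), cn=config is exposed read-only and neither remedy helps until the configuration is converted, e.g. with slaptest -f slapd.conf -F slapd.d.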