On Wed, 19 Nov 2014 07:38:02 +0000 (UTC), wailok tam <wailoktam@yahoo.com> wrote:

Hi, I am new to LDAP. I am following the book "Mastering OpenLDAP" to set up replication, but I am getting the error given in the title when I start the slave with "slapd -d sync". Replication does not work.
slapd.conf of the master:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

#modulepath /usr/lib/openldap
#moduleload syncprov.la

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#sasl-realm ier.hit-u.ac.jp
#sasl-host localhost
#authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
#rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
rootpw secret
#password-hash {MD5}
directory /var/lib/ldap

TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key

overlay syncprov
syncprov-checkpoint 50 10
syncprov-sessionlog 100

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN,entryUUID eq

idlcachesize 1000

access to attrs=userPassword
    by self write
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by anonymous auth
    by * none

access to attrs=SambaLMPassword,SambaNTPassword
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by self read
    by anonymous auth
    by * none

access to *
    by self write
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by * read
slapd.conf of the slave:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema

# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
#rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
#rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
rootpw secretofreplicator
#password-hash {MD5}
directory /var/lib/ldap
#TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
#TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
#TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key

# Replicas of this database
#updatedn cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
#updateref uri=ldap://192.168.84.22

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index entryCSN,entryUUID eq

idlcachesize 1000

#access to attrs=userPassword
#    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
#    by self write
#    by anonymous auth
#    by * none

#access to *
#    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
#    by self write
#    by * read

#loglevel stats sync

syncrepl rid=001
    provider=ldap://mail.ier.hit-u.ac.jp
    type=refreshAndPersist
    interval=00:00:05:00
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    bindmethod=simple
#   bindmethod=sasl saslmech=DIGEST-MD5
#   authcid=replicator
    credentials=secretofreplicator

updateref ldap://mail.ier.hit-u.ac.jp/
What puzzles me is that when I try, on the slave, to access the master with

ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'

it works. What is wrong? I really need your help.
The master configuration is wrong. A slapd.conf has to follow a defined order, that is:

- global configuration parameters
- global overlay parameters
- first database's configuration parameters
- first database's overlay configuration parameters
- second database's configuration parameters
- second database's overlay configuration parameters
-Dieter
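The ordering rule from Dieter's reply, turned into a small check that can be run over a slapd.conf before starting slapd. This is an added example for this thread, not code from the thread or from OpenLDAP: which directives count as global-only and which as database-level is this example's own classification, and the two sample files are constructed (shortened) from the master configuration posted above, with a placeholder standing in for real `slappasswd` output. Beyond the ordering rule, it also flags a `rootpw` given in clear text, as both posted files do.

```python
"""Ordering check for slapd.conf, implementing the section order given in
Dieter's reply: global directives, then a database's own directives, then
that database's overlay directives.  Added example for this thread, not
OpenLDAP code; the two directive sets below are this example's assumptions."""

# Assumption: directives that belong in the global section only.
GLOBAL_ONLY = {"include", "allow", "pidfile", "argsfile", "loglevel",
               "modulepath", "moduleload", "referral", "password-hash",
               "tlscacertificatefile", "tlscertificatefile",
               "tlscertificatekeyfile"}
# Assumption: database-level directives that must come before any 'overlay'.
DB_LEVEL = {"suffix", "rootdn", "rootpw", "directory", "index", "idlcachesize",
            "updatedn", "updateref", "syncrepl", "access"}


def _logical_lines(text):
    """Yield (line_no, directive_line).  In slapd.conf a line that starts
    with whitespace continues the previous directive, so it is joined."""
    start, current = 0, None
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        start, current = n, raw.strip()
    if current is not None:
        yield start, current


def lint_slapd_conf(text):
    """Return (line_no, directive, problem) tuples; [] means the file follows
    the stated section order and stores no cleartext rootpw."""
    findings = []
    section = "global"  # global -> database -> overlay, restarting per database
    for n, line in _logical_lines(text):
        parts = line.split(None, 1)
        directive = parts[0].lower()
        args = parts[1].strip('"') if len(parts) > 1 else ""
        if directive == "database":
            section = "database"
        elif directive == "overlay":
            # 'overlay' before any 'database' line configures a global overlay.
            section = "global_overlay" if section == "global" else "overlay"
        elif directive in GLOBAL_ONLY and section != "global":
            findings.append((n, directive, "global directive must precede the first 'database' or 'overlay'"))
        elif directive in DB_LEVEL and section.startswith("global"):
            findings.append((n, directive, "database directive before any 'database' line"))
        elif directive in DB_LEVEL and section == "overlay":
            findings.append((n, directive, "database directive after 'overlay'; move it above the overlay"))
        if directive == "rootpw" and not args.startswith("{"):
            findings.append((n, directive, "rootpw in clear text; use the {SSHA} value printed by slappasswd"))
    return findings


# Constructed sample, modelled (shortened) on the master slapd.conf posted above.
MASTER_AS_POSTED = """\
include /etc/openldap/schema/core.schema
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw secret
directory /var/lib/ldap
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
overlay syncprov
syncprov-checkpoint 50 10
index objectClass eq,pres
index entryCSN,entryUUID eq
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
"""

# The same directives in the order the reply describes; the rootpw hash is a
# placeholder standing in for real slappasswd output.
MASTER_REORDERED = """\
include /etc/openldap/schema/core.schema
TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw {SSHA}placeholder-slappasswd-output
directory /var/lib/ldap
index objectClass eq,pres
index entryCSN,entryUUID eq
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
overlay syncprov
syncprov-checkpoint 50 10
"""

if __name__ == "__main__":
    for name, conf in (("as posted", MASTER_AS_POSTED), ("reordered", MASTER_REORDERED)):
        print(name, "->", lint_slapd_conf(conf) or "no findings")
```

Run against the posted layout the check reports the three TLS* directives sitting inside the database section and the index and access directives placed after `overlay syncprov`, plus the cleartext `rootpw`; the reordered file passes. slapd's own parser remains the authority, so `slaptest -f slapd.conf` should confirm the result. Note that the `credentials=` value of a `syncrepl` stanza is necessarily stored in clear text in slapd.conf, so the file's permissions matter as much as the hashed `rootpw`.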