Hello everyone.
I have a big problem related to 2 OpenLDAP servers configured in an N-Way Multi-Master configuration.
My problem isn't with replication, which works, but with authenticating users on the DIT!!!
In fact, when a user tries to simply authenticate himself on the DIT with
ldapsearch -x -D 'uid=example@gmail.com,ou=people,dc=example,dc=com' -w 'password'
he receives an
ldap_bind: Invalid credentials (49) error.
Disabling the configuration for multi-master replication, the same user is able to search the DIT.
Following is the slapd.conf of server 1…
allow bind_anon_dn
# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
# Additional schemas
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
# Read slapd.conf(5) for possible values
loglevel 0
modulepath /usr/lib64/openldap
moduleload syncprov.la
serverID 001
backend bdb
# FIXME: puppet
database bdb
suffix "dc=example,dc=com"
directory /var/lib/ldap
rootdn "cn=admin,dc=example,dc=com"
rootpw password
checkpoint 512 30
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
#allows read access from all consumers
access to *
    by dn.base="cn=admin,dc=example,dc=com" read
    by * break
syncrepl rid=000
    provider=ldap://ldap-be2
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=example,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=admin,dc=example,dc=com"
    credentials=password
###########################################################
index objectclass eq
index entryCSN eq
index entryUUID eq
index uidNumber eq
index gidNumber eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
# mirror mode essential to allow writes
#and must appear after all syncrepl directives
mirrormode TRUE
# define the provider to use the syncprov overlay
# (last directives in database section)
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
The slapd.conf of the 2nd server is a copy of this with a different serverID and
provider.
Every hint will be a blessing.
Best regards.
F.
Francesco Pocci
Open Reply
Viale Regina Margherita, 8
00198 - Roma - ITALY
phone: +39 06 844341
f.pocci@reply.it
www.reply.it
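The ACL block in the posted slapd.conf is worth looking at next to a fuller one, because of how slapd evaluates it. Once any access directive is present, identities that match no clause get the implicit default, which is deny; a "by * break" only continues evaluation with the next access directive, and in the posted file there is none after it. A simple bind additionally requires "auth" access to userPassword for the DN being bound, requested while the connection is still anonymous. The fragment below is an added example, not code from the original post, showing a minimal ACL set for the poster's suffix that grants exactly that; the DNs are taken from the post, the attribute-level split is my own choice, and whether this is actually the cause of the error 49 in the poster's environment is not established by the post itself.

```conf
# Added example, not part of the original post.  Hypothetical minimal
# ACL set for suffix "dc=example,dc=com"; DNs come from the post.
#
# As posted, the only access directive was:
#   access to *
#       by dn.base="cn=admin,dc=example,dc=com" read
#       by * break
# "break" stops this directive and continues with the NEXT access
# directive.  With no further directive, every identity other than
# cn=admin falls to the implicit default, which is "by * none" as soon
# as at least one access directive exists.  A simple bind needs "auth"
# access to userPassword for the bind DN, and at that point the
# connection is anonymous, so anonymous must be granted "auth" below.

# 1. Password attribute: anonymous may use it only to authenticate,
#    the entry owner may change his own, nobody else may read it.
access to attrs=userPassword
    by dn.base="cn=admin,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# 2. Everything else: authenticated users may read the tree,
#    each entry owner may modify his own entry.
access to *
    by dn.base="cn=admin,dc=example,dc=com" write
    by self write
    by users read
    by * none
```

Two notes on this. First, cn=admin is the rootdn of this database, and the rootdn bypasses ACLs entirely on the server where it is rootdn, so the explicit cn=admin clauses are only there to keep the intent visible if the syncrepl binddn is later changed to a dedicated, non-rootdn replication account; the attrs="*,+" replication of userPassword works regardless. Second, before restarting slapd you can confirm what a given identity is allowed from the file alone with slapacl(8), for example slapacl -f /etc/openldap/slapd.conf -b "uid=example@gmail.com,ou=people,dc=example,dc=com" userPassword/auth with no -D, which evaluates the request as anonymous and should report "auth" as allowed; then repeat the original ldapsearch -x -D ... -w ... against each server. Unrelated to the bind failure but visible in the posted file: rootpw and the syncrepl credentials are stored in clear text; slappasswd can produce a hashed value for rootpw, and the syncrepl password should belong to a dedicated replication DN rather than the rootdn.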