Hi all,
This is Eileen from China SINAP. I am a beginner with the OpenLDAP software. I encountered a problem in my study of replication between two LDAP services.
I have 2 LDAP services, one named LDAP1, the other LDAP2. I want to synchronize them in mirror mode. But when I set the rootpw of both LDAP services as a hash, the 2 LDAP services can't synchronize.
My questions are:
1. If I set my rootpw as a hash, must my bindmethod be SASL? If I must use the SASL method, can I put the SASL service in the same LDAP service? If bindmethod=sasl, then what should the saslmech be?
2. If I change to the SASL method, do I need to change my database record?
My slapd.conf file is set as below; could you please advise which place I should fix?
moduleload syncprov.la

database bdb
suffix "dc=xxx,dc=xxx"
checkpoint 1024 15
rootdn "cn=xxx,dc=xxx,dc=xxx"
rootpw {SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX
directory /var/lib/ldap/xxx

access to *
    by self write
    by * read

# Indices to maintain for this database
index objectClass,entryCSN,entryUUID eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# the ldap2 service uses serverID 2
serverID 1

# continuation lines of the syncrepl directive must start with whitespace
syncrepl rid=111
    provider=ldap://other side ip
    bindmethod=sasl
    saslmech=ssha
    authcid=?
    authzid=?
    realm=?
    binddn="cn=xxx,dc=xxx,dc=xxx"
    credentials={SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX
    searchbase="dc=xxx,dc=xxx"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"
mirrormode on

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
My database record is like below:
dn: cn=tiangexuan,ou=users,dc=xxx,dc=xxx
cn: tiangexuan
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: tiangexuan
uid: tiangexuan
uidNumber: 10001
gidNumber: 90001
homeDirectory: /home/tiangexuan
loginShell: /bin/bash
userPassword: calvin
Best wishes & regards
Eileen
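Editor's note with an added example; this is not the poster's configuration and is not an answer from the list. The security-relevant point the posted config misses is that a password hash only ever lives on the side that verifies the bind. With bindmethod=simple the consumer sends the value of credentials= as the bind password, and the provider hashes it and compares it against the stored rootpw (or userPassword) value, so rootpw can stay {SSHA}-hashed on both servers, but credentials= must be the cleartext that was hashed, never the {SSHA} string itself. "ssha" is also not a SASL mechanism: SASL mechanisms are names such as DIGEST-MD5, GSSAPI or EXTERNAL, and the password-based ones (DIGEST-MD5, CRAM-MD5) require the server to have the cleartext password available, so switching to SASL does not remove the need for a cleartext secret; EXTERNAL with TLS client certificates is the way to avoid passwords altogether. The user entries in the database are not involved in the replication bind when the rootdn is the bind identity. The fragment below keeps the poster's suffix, rootdn and rootpw and assumes the hostnames ldap1.example.com and ldap2.example.com, the cleartext password "secret" and the CA certificate path /etc/openldap/certs/ca.crt; all of those are assumptions to replace.

```conf
# Added example (editor's illustration, not the original poster's file).
# Assumed values: ldap1.example.com / ldap2.example.com, the cleartext
# password "secret", and /etc/openldap/certs/ca.crt. Replace them.
# Both servers use the same file except the two places marked "per server".

moduleload syncprov.la

# serverID is a global directive, so it goes before the first "database".
# per server: 1 on ldap1, 2 on ldap2
serverID 1

database bdb
suffix "dc=xxx,dc=xxx"
checkpoint 1024 15
directory /var/lib/ldap/xxx

# rootpw stays hashed on both servers; generate it with: slappasswd -h {SSHA}
rootdn "cn=xxx,dc=xxx,dc=xxx"
rootpw {SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX

# Do not let "by * read" expose userPassword to anonymous clients.
# The rootdn bypasses ACLs, so replication of the attribute is unaffected.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
access to *
    by self write
    by * read

index objectClass,entryCSN,entryUUID eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

# Consumer side. credentials= is the CLEARTEXT that slappasswd hashed into
# rootpw above; the provider compares it against that hash at bind time.
# Because this file now holds a cleartext secret, make it mode 0600 and
# owned by the user slapd runs as. starttls=critical with tls_reqcert=demand
# stops the password from crossing the wire unencrypted.
# per server: provider= is always the OTHER host
syncrepl rid=111
    provider=ldap://ldap2.example.com
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=xxx,dc=xxx"
    schemachecking=on
    bindmethod=simple
    binddn="cn=xxx,dc=xxx,dc=xxx"
    credentials=secret
    starttls=critical
    tls_cacert=/etc/openldap/certs/ca.crt
    tls_reqcert=demand
mirrormode on

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
```

Two checks before restarting slapd: `slaptest -u -f /etc/openldap/slapd.conf` validates the syntax, and from ldap1 `ldapwhoami -H ldap://ldap2.example.com -ZZ -D "cn=xxx,dc=xxx,dc=xxx" -w secret` confirms that the provider accepts exactly the credentials the consumer will present (it should print the rootdn). If that command fails with invalid credentials, the value in credentials= does not match the rootpw hash, and replication will keep failing for the same reason.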