Hi all,

This is Eileen from China SINAP. I am a beginner with the OpenLDAP software. I encountered a problem in my study of replication between two LDAP services.

I have 2 LDAP services, one named LDAP1, the other LDAP2. I want to make them synchronize in mirror mode. But when I set the rootpw of both LDAP services as a hash, the 2 LDAP services can't synchronize.

My questions are:

1. If I set my rootpw as a hash, must my bindmethod be SASL? If I must use the SASL method, can I put the SASL service in the same LDAP service? If bindmethod=sasl, then what should the saslmech be?
2. If I change to the SASL method, do I need to change my database record?

My slapd.conf file is set as below; could you please advise which place I should fix?
moduleload syncprov.la

database bdb
suffix "dc=xxx,dc=xxx"
checkpoint 1024 15
rootdn "cn=xxx,dc=xxx,dc=xxx"
rootpw {SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX
directory /var/lib/ldap/xxx

access to *
    by self write
    by * read

# Indices to maintain for this database
index objectClass,entryCSN,entryUUID eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

serverID 1
# (ldap2 service is 2)
syncrepl rid=111
    provider=ldap://other side ip
    bindmethod=sasl
    saslmech=ssha
    authcid=?
    authzid=?
    realm=?
    binddn="cn=xxx,dc=xxx,dc=xxx"
    credentials={SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX
    searchbase="dc=xxx,dc=xxx"
    schemachecking=on
    type=refreshAndPersist
    retry="60 +"
mirrormode on

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
My database record is just like below:

dn: cn=tiangexuan,ou=users,dc=xxx,dc=xxx
cn: tiangexuan
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
sn: tiangexuan
uid: tiangexuan
uidNumber: 10001
gidNumber: 90001
homeDirectory: /home/tiangexuan
loginShell: /bin/bash
userPassword: calvin
Best wishes & regards,
Eileen
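The following is an added example, not code from the post above and not part of OpenLDAP. It re-implements the {SSHA} scheme that slapd uses for a hashed rootpw (base64 of SHA-1(password || salt) || salt, the form slappasswd -h {SSHA} emits) to show what the provider actually compares when the consumer does a simple bind, and it lints a syncrepl stanza for the consumer-side mistakes visible in the posted config. The two stanzas, the address 192.0.2.2 and the password "correct-horse-battery" are constructed for the demo; the {SSHA} string is the one quoted in the post and is parsed only for its structure, not reversed.

```python
"""{SSHA} bind check and syncrepl stanza lint (added example, not from the post)."""
import base64
import hashlib
import hmac
import os
import re
from typing import Optional

# The rootpw value quoted in the post: 32 base64 chars = 24 bytes = 20-byte SHA-1 + 4-byte salt.
POSTED_ROOTPW = "{SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX"

# Mechanism names slapd's saslmech= accepts (the ones Cyrus SASL commonly provides).
SASL_MECHS = {"EXTERNAL", "DIGEST-MD5", "CRAM-MD5", "GSSAPI", "PLAIN", "LOGIN", "OTP", "NTLM"}


def parse_ssha(value: str):
    """Split '{SSHA}<base64>' into (20-byte SHA-1 digest, salt)."""
    if not value.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len("{SSHA}"):])
    if len(raw) < 20:
        raise ValueError("shorter than a SHA-1 digest")
    return raw[:20], raw[20:]


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build the {SSHA} string that belongs in rootpw (or userPassword)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(candidate: str, stored: str) -> bool:
    """What slapd does on a simple bind: salt and hash the *plaintext* it received,
    then compare with the stored digest. Sending the hash string itself just hashes
    that string and fails, which is why credentials= must hold the plaintext."""
    digest, salt = parse_ssha(stored)
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(recomputed, digest)


def parse_syncrepl(stanza: str) -> dict:
    """Collect the key=value tokens of a syncrepl directive (values may be quoted)."""
    opts = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|(\S+))', stanza):
        opts[m.group(1).lower()] = m.group(3) if m.group(3) is not None else m.group(4)
    return opts


def lint_syncrepl(stanza: str) -> list:
    """Return the misconfigurations a consumer stanza carries (empty list means clean)."""
    opts = parse_syncrepl(stanza)
    problems = []
    if re.match(r"\{\w+\}", opts.get("credentials", "")):
        problems.append("credentials= must be the plaintext password, not a {SCHEME} hash")
    method = opts.get("bindmethod", "simple").lower()
    if method == "sasl":
        mech = opts.get("saslmech", "").upper()
        if mech not in SASL_MECHS:
            problems.append(f"saslmech={mech or '(missing)'} is not a SASL mechanism")
        if "binddn" in opts:
            problems.append("binddn= is ignored with bindmethod=sasl; identify with authcid= instead")
    elif method == "simple":
        tls = opts.get("starttls", "no").lower()
        if opts.get("provider", "").startswith("ldap://") and tls not in ("yes", "critical"):
            problems.append("simple bind over plain ldap:// sends the password in clear; add starttls=critical or use ldaps://")
    return problems


# Constructed stanza carrying the mistakes of the posted config.
BAD_STANZA = """syncrepl rid=111
    provider=ldap://192.0.2.2
    bindmethod=sasl
    saslmech=ssha
    binddn="cn=admin,dc=example,dc=com"
    credentials={SSHA}cXUVsI2kuKNK9kjCagWtvraossyAKuhX
    searchbase="dc=example,dc=com"
    type=refreshAndPersist
    retry="60 +"
"""

# Constructed corrected stanza: simple bind with the plaintext password, protected by TLS.
GOOD_STANZA = """syncrepl rid=111
    provider=ldap://192.0.2.2
    starttls=critical
    bindmethod=simple
    binddn="cn=admin,dc=example,dc=com"
    credentials=correct-horse-battery
    searchbase="dc=example,dc=com"
    type=refreshAndPersist
    retry="60 +"
"""

if __name__ == "__main__":
    stored = make_ssha("correct-horse-battery")
    print("plaintext binds:", verify_ssha("correct-horse-battery", stored))
    print("hash-as-password binds:", verify_ssha(stored, stored))
    for name, stanza in (("bad", BAD_STANZA), ("good", GOOD_STANZA)):
        print(name, lint_syncrepl(stanza) or "clean")
```

The rootpw may stay hashed on both servers: the hash is what the provider checks against, while credentials= on the consumer side carries the plaintext that the provider salts and hashes on each bind. Because a simple bind ships that plaintext over the wire, the corrected stanza pairs it with starttls=critical (or an ldaps:// provider URL); the lint flags a stanza that omits both.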