Eivind Olsen wrote:
Michael Ströder wrote:
49 is "invalidCredentials". Likely one of the following reasons is causing this:
- entry cn=replicator,ou=admins,ou=internal,o=aminor does not exist
- the password is wrong
- some ACLs reject authentication
That's what puzzles me. I can from both nodes do ldapsearch as the replication user to both nodes, and that part behaves as I'd expect it to (I get a connection with answers, and if I try to connect with the wrong password I get "ldap_bind: Invalid credentials (49)").
dn: olcDatabase={3}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {3}hdb
olcDbDirectory: /usr/local/openldap/var/openldap-data/radius
olcSuffix: ou=radius,ou=no,o=aminor
olcSyncrepl: {0}rid=005 provider=ldap://ldap01-testing.aminor.no binddn
 ="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple credent
 ials=<REPLICATOR-password> searchbase="ou=radius,ou=no,o=aminor" type=refreshAndPersis
 t retry="5 5 5 +" timeout=3
olcSyncrepl: {1}rid=006 provider=ldap://ldap02-testing.aminor.no binddn
 ="cn=replicator,ou=admins,ou=internal,o=aminor" bindmethod=simple credent
 ials=<REPLICATOR-password> searchbase="ou=radius,ou=no,o=aminor" type=refreshAndPersi
 st retry="5 5 5 +" timeout=3
Clearly you have a mistake in the password of one of these two lines, because if they were identical they would be identical in length, but they wrap the "refreshAndPersist" in two different positions.
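
The check suggested in the reply above can be done without reading wrap positions by eye. The following is an added example, not part of the original thread: it unfolds slapcat-style LDIF, parses each olcSyncrepl value and reports which parameters differ between two consumers, showing credentials by length only. The sample LDIF, host names and passwords are constructed, and shlex is assumed to approximate slapd's quoting closely enough for simple values.

```python
import shlex

# Constructed sample: slapcat-style folded LDIF; hosts and passwords are made up.
SAMPLE_LDIF = """\
dn: olcDatabase={3}hdb,cn=config
olcSyncrepl: {0}rid=005 provider=ldap://ldap01.example.test binddn="cn=repl
 icator,o=example" bindmethod=simple credentials=s3cret-A searchbase="o=exa
 mple" type=refreshAndPersist retry="5 5 5 +" timeout=3
olcSyncrepl: {1}rid=006 provider=ldap://ldap02.example.test binddn="cn=repl
 icator,o=example" bindmethod=simple credentials=s3cret-AB searchbase="o=ex
 ample" type=refreshAndPersist retry="5 5 5 +" timeout=3
"""

def unfold(ldif):
    """Join LDIF continuation lines (one leading space) onto the previous line."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # drop only the single fold marker
        else:
            lines.append(raw)
    return lines

def syncrepl_params(ldif):
    """Return {rid: {key: value}} for every plain-text olcSyncrepl value."""
    out = {}
    for line in unfold(ldif):
        attr, _, value = line.partition(": ")
        if attr.lower() != "olcsyncrepl":
            continue                      # base64 ("::") values are not handled here
        if value.startswith("{"):
            value = value.split("}", 1)[1]  # strip the {n} ordering prefix
        toks = shlex.split(value)
        params = dict(t.split("=", 1) for t in toks if "=" in t)
        out[params["rid"]] = params
    return out

def compare(a, b, ignore=("rid", "provider"), secret=("credentials",)):
    """Return differing keys; secret values are reported by length, never echoed."""
    diffs = {}
    for key in sorted((set(a) | set(b)) - set(ignore)):
        va, vb = a.get(key), b.get(key)
        if va != vb:
            if key in secret:
                va, vb = (None if v is None else f"<{len(v)} chars>" for v in (va, vb))
            diffs[key] = (va, vb)
    return diffs

if __name__ == "__main__":
    p = syncrepl_params(SAMPLE_LDIF)
    print(compare(p["005"], p["006"]))
```
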