My env is Debian squeeze, OpenLDAP 2.4.17 (from packages.debian.org). I created an OpenLDAP server and am trying to configure N-Way multi-master according to the OpenLDAP Admin Guide. I am adding an init.ldif file on the server; the following is the content:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

and I get the error "insufficient access", even though I set "access to * by * write" in slapd.conf.
Actually, I don't understand what the guide says.
'''''''''''''
This sets up the config database:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
''''''''''''''''''''''''''''
The above configuration block could not be imported on my computer, as I said at the beginning.
''''''''''''''''''''''''''''
Now we setup the first Master Node (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple credentials=secret searchbase="cn=config" type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
''''''''''''''''''''''''''''
This configuration block seems to conflict with the former one. Why should I write "olcServerID: 1 $URI1" into the LDAP server if "olcServerID: 1" is right, and why should I not write one entire configuration, but two separate configuration files which seem to conflict?
I have set up unlimited privileges, so why does the LDAP server report "insufficient access"? What privileges should be set?
Thanks for the help.
gtalk:freeespeech@gmail.com
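
An added example (not from the Admin Guide or from the poster) that expands the quoted "first Master Node" template, with $URI1..$URI3 replaced, for any number of nodes. The function name `render_nway_ldif`, the `BIND_PW` variable and the hostnames in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Render the quoted "first Master Node" LDIF for a list of provider URLs.
# render_nway_ldif and BIND_PW are hypothetical names, not OpenLDAP's.
# Usage (constructed hostnames):
#   render_nway_ldif ldap://ldap1.example.com ldap://ldap2.example.com > nway.ldif

render_nway_ldif() {
    bind_pw="${BIND_PW:-secret}"   # "secret" is the sample value quoted above

    # syncrepl's rid is limited to three decimal digits, so cap the node count.
    [ "$#" -ge 2 ] && [ "$#" -le 999 ] || { echo "need 2..999 URLs" >&2; return 1; }
    for uri in "$@"; do
        case "$uri" in
            ldap://?*|ldaps://?*) ;;
            *) echo "not an LDAP URL: $uri" >&2; return 1 ;;
        esac
    done

    # One "<id> <url>" value per node. The same list goes to every node;
    # each slapd takes the ID whose URL matches one of its listener URLs.
    printf 'dn: cn=config\nchangetype: modify\nreplace: olcServerID\n'
    id=1
    for uri in "$@"; do
        printf 'olcServerID: %d %s\n' "$id" "$uri"
        id=$((id + 1))
    done

    # syncprov overlay on the config database, as in the quoted block.
    printf '\ndn: olcOverlay=syncprov,olcDatabase={0}config,cn=config\n'
    printf 'changetype: add\nobjectClass: olcOverlayConfig\n'
    printf 'objectClass: olcSyncProvConfig\nolcOverlay: syncprov\n'

    # One olcSyncRepl consumer per provider, rid zero-padded to three digits.
    printf '\ndn: olcDatabase={0}config,cn=config\n'
    printf 'changetype: modify\nadd: olcSyncRepl\n'
    id=1
    for uri in "$@"; do
        printf 'olcSyncRepl: rid=%03d provider=%s binddn="cn=config" ' "$id" "$uri"
        printf 'bindmethod=simple credentials=%s searchbase="cn=config" ' "$bind_pw"
        printf 'type=refreshAndPersist retry="5 5 300 5" timeout=1\n'
        id=$((id + 1))
    done
    printf '%s\n' '-' 'add: olcMirrorMode' 'olcMirrorMode: TRUE'
}
```

The rendered LDIF carries the replication password in clear text, so the output file should be readable only by the account that applies it.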