On Monday, 7 June 2010 07:10:00 owen nirvana wrote:
My env is Debian squeeze, OpenLDAP 2.4.17 (from packages.debian.org). I created an OpenLDAP server and tried to configure N-Way multi-master, according to the OpenLDAP Admin Guide. I am adding an init.ldif file on the server; the following is the content:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
and I get the error "insufficient access", even if I set "access to * by * write" in slapd.conf.
One of slapd.conf or this ldif is irrelevant. Only one of them can apply at a time. Please be careful to check how your slapd is being started (e.g. whether -f or -F flags are passed or not etc.).
Actually, I don't understand what the guide said.
Maybe you need to read the guide more ...
Also, note that it is not a "HOWTO", but documents how various aspects work, not necessarily just copy-and-paste examples to use without thinking ...
'''''''''''''
This sets up the config database:
dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret
''''''''''''''''''''''''''''
The above configuration block could not be imported on my computer, as I said at the beginning.
''''''''''''''''''''''''''''
Now we setup the first Master Node (replace $URI1, $URI2 and $URI3 etc. with your actual ldap urls):
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
''''''''''''''''''''''''''''
Which DN did you bind as when trying to apply this LDIF? E.g., can you supply the ldapmodify commandline you used?
Note that according to your back-config extract above, you should have bound as cn=config, but you need to check whether you are using slapd.conf or back-config for configuration.
The configuration block seems to conflict with the former. Why should I write "olcServerID: 1 $URI1" into the LDAP server if "olcServerID: 1" is right, and why should I not write one entire configuration, but two configuration files which seem to conflict, separately?
If you are doing configuration replication, the different servers need to be able to identify which server ID belongs to them. The means for doing this is providing the URL, which the server will try and match to one of its listening addresses (e.g. -h option to slapd).
I have set up unlimited privilege; why does the LDAP server report "insufficient access"? What privilege should be set?
Probably with good reason, which we can't determine without answers to the questions above.
Regards, Buchan
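
Added example (not part of the original thread and not OpenLDAP's own code): a small Python check for the two points raised in the reply, namely which configuration source the -f/-F flags select and which olcServerID URL matches a -h listener. The command line, the host names and the plain string comparison of URLs are assumptions made for illustration.

```python
import shlex

def config_source(argv):
    """Which configuration slapd reads, judged from its -f / -F flags."""
    has_f, has_F = "-f" in argv, "-F" in argv
    if has_F:
        # With both flags, slapd.conf is read once and converted to cn=config.
        return "cn=config (converted from slapd.conf)" if has_f else "cn=config"
    return "slapd.conf" if has_f else "default (slapd.d tried first, then slapd.conf)"

def listener_urls(argv):
    """URLs passed with -h; slapd listens on ldap:/// when -h is absent."""
    if "-h" in argv and argv.index("-h") + 1 < len(argv):
        return argv[argv.index("-h") + 1].split()
    return ["ldap:///"]

def own_server_id(server_ids, argv):
    """Return the ID whose URL equals one of the listener URLs, else None.

    Assumption: plain case-insensitive string comparison, with no DNS or
    port normalisation, so write the URLs identically in both places."""
    listeners = {u.lower().rstrip("/") for u in listener_urls(argv)}
    for value in server_ids:
        sid, _, url = value.partition(" ")
        if url and url.strip().lower().rstrip("/") in listeners:
            return int(sid)
    return None  # this server cannot tell which ID is its own

# Constructed sample: a slapd command line and the olcServerID values
# from the LDIF above with $URI1..$URI3 filled in (hypothetical hosts).
CMDLINE = 'slapd -h "ldap://ldap1.example.com ldapi:///" -F /etc/ldap/slapd.d -u openldap'
SERVER_IDS = ["1 ldap://ldap1.example.com",
              "2 ldap://ldap2.example.com",
              "3 ldap://ldap3.example.com"]

if __name__ == "__main__":
    argv = shlex.split(CMDLINE)
    print("config source:", config_source(argv))
    print("this server's ID:", own_server_id(SERVER_IDS, argv))
```

A result of None for the server ID, or a config source of slapd.conf while the LDIF targets cn=config, points at the mismatch the reply asks about.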