Hi Dieter,
Password was created with slappasswd, and I know it's ok, because I can use ldapsearch, ldapmodify etc, to search, check etc, it's stored in the config in {SSHA} format, but presented in the olcSynRepl line in cleartext. (It's not actually $PASS, I'm just stupidly paranoid about passwords) Here's the (partial) output from searching for it:
# {0}config, config
dn: olcDatabase={0}config,cn=config
olcRootPW: {SSHA}wm6t06uLEx1nzsGHT/VJc4g3whG4ihVZ
and yes, olcReadOnly is false...
dn: cn=config
olcReadOnly: FALSE
Alister
On 06 Sep 2010, at 09:14, Dieter Kluenter wrote:
OK I don't see anything obvious
On 03 Sep 2010, at 15:55, Dieter Kluenter wrote:
On Fri, 3 Sep 2010 14:25:51 +0200, Alister Forbes a@cisco.com wrote:
All,
My situation is that I'm trying to get replication working between two instances of OpenLDAP 2.4.23, both running on RHEL5, both built with the same options, and db built under them with the same options, and both OS instances are the same (cloned VMs).
I can see the two slapd's trying to communicate, but although the passwords supplied in 'credentials' are definitely correct, I keep seeing the err=49 in the logs below.
How did you create the password and which hashing scheme did you use? It seems that the userpassword hashed value does not match the presented value.
I've been struggling with this for days now.. can anyone give me a hint what I've messed up?
Also, I'm not sure if it's related, but I now can't change anything in the servers configs directly, I keep getting -
ldap_modify: Server is unwilling to perform (53)
	additional info: shadow context; no update referral
Please check if olcReadOnly: is set to FALSE
[...]
-- Alister Forbes Work: +32 2 704 5762 Internal: 322 5762 a@cisco.com TACSUNS _.|._.|._ Cisco Systems
Please avoid sending me Word or PowerPoint attachments. See - http://www.gnu.org/philosophy/no-word-attachments.html
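
The question raised in the thread, whether the cleartext credential really matches the stored {SSHA} value, can be checked offline. The following is an added example, not part of the original messages: the function names and the sample password and salt are constructed, and it assumes the {SSHA} layout base64(SHA-1(password + salt) + salt).

```python
import base64
import hashlib
import hmac
import os

SHA1_LEN = 20  # SHA-1 digest size in bytes


def split_ssha(stored):
    """Split '{SSHA}base64(digest + salt)' into (digest, salt)."""
    scheme, sep, b64 = stored.strip().partition("}")
    if not sep or scheme.upper() != "{SSHA":
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("{SSHA} value carries no salt")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def make_ssha(password, salt=None):
    """Build an {SSHA} value: SHA-1 over password bytes followed by the salt."""
    # 4-byte salt, the same length as in the value shown in the thread.
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored, candidate):
    """True if the cleartext candidate hashes to the stored digest."""
    digest, salt = split_ssha(stored)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def diagnose(stored, candidate):
    """Name the first variant of the cleartext that matches, or None."""
    variants = [
        ("exact", candidate),
        ("whitespace-stripped", candidate.strip()),
        ("quotes-removed", candidate.strip().strip("\"'")),
    ]
    for label, text in variants:
        if verify_ssha(stored, text):
            return label
    return None


if __name__ == "__main__":
    # Constructed sample: password and salt are made up for this example.
    stored = make_ssha("constructed-pass", b"\x01\x02\x03\x04")
    print(stored, diagnose(stored, "constructed-pass\n"))
```

A result other than "exact" means the credential only matches after a trailing newline, surrounding whitespace or quote characters are removed, so the string being presented is not byte-for-byte the one that was hashed.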