Hi,
http://pastebin.de/41448
-Dieter
On Wed, 5 Mar 2014 22:04:05 +0800,
"Eileen(=^ω^=)" <123784635(a)qq.com> wrote:
Hi Michael and Dieter,
Thanks for your kind replies.
In my case, I didn't use any SASL or TLS but "simple" method with
operation mode of user/password authenticated. However, I need the
rootpw hashed (not cleartext) and the 2 servers (master & slave)
synchronized. Could you pls advise how I should modify the syncrepl
part? Or could you pls provide a sample of the slapd.conf file
configuration?
Best regards,
Eileen
------------------ Original Message ------------------
From: "Michael Ströder";<michael(a)stroeder.com>;
Sent: Wednesday, March 5, 2014, 4:09 PM
To: "Dieter Klünter"<dieter(a)dkluenter.de>;
"openldap-technical"<openldap-technical(a)openldap.org>;
Subject: Re: mirror mode & sasl question
Dieter Klünter wrote:
> On Wed, 5 Mar 2014 14:38:04 +0800,
> "Eileen(=^ω^=)" <123784635(a)qq.com> wrote:
>> This is Eileen from China SINAP. I am a beginner for openldap
>> soft. I encountered a problem in my study on two LDAP services
>> replication. I have 2 LDAP services, one named LDAP1, the other is
>> LDAP2. I want to make them synchronous in mirror mode. But when
>> I set LDAP services rootpw both in hash, the 2 LDAP services can't
>> be synchronous. My question is
>> 1. if I set my rootpw in hash, my bindmethod must be SASL? If
>> I must use sasl method, can I put the sasl service in the same ldap
>> service? If bindmethod=sasl then what should the saslmech be?
>> 2. If I change to sasl method, do I need change my database
>> record?
>
> In order to use sasl, passwords must be cleartext and you should
> configure an appropriate authz-regexp, see man slapd.conf(5)
> You may use any sasl mechanism that your sasl framework provides.
> [...]
To be more precise: In order to use password-based SASL mechs the
passwords have to be stored in clear-text.
Well, if working with SASL and TLS (LDAPS, StartTLS) one should
consider using client certs and SASL/EXTERNAL for replication.
Ciao, Michael.
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E
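
The distinction discussed in this thread (a hashed rootpw works with a simple bind, while password-based SASL mechanisms need the clear-text password on the server) can be shown with a short sketch. This is an added example, not code from any poster or from OpenLDAP; CRAM-MD5 is chosen here as one representative challenge-response mechanism, and the password, salt and challenge are constructed sample values.

```python
import base64, hashlib, hmac, os

def ssha_hash(password: bytes, salt=None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def simple_bind_ok(stored: str, presented: bytes) -> bool:
    """Simple bind: the client sends the password itself, so the server
    can re-hash it with the stored salt and compare the digests."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(digest, hashlib.sha1(presented + salt).digest())

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """CRAM-MD5: the client never sends the password, only
    HMAC-MD5 keyed with the password over the server's challenge."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def cram_md5_verify(server_secret: bytes, challenge: bytes, response: str) -> bool:
    """The server has to recompute the same HMAC, so it needs the same key."""
    return hmac.compare_digest(cram_md5_response(server_secret, challenge), response)

# Constructed sample values (not taken from the thread).
PASSWORD = b"s3cret-example"
STORED = ssha_hash(PASSWORD, salt=b"\x01\x02\x03\x04")
CHALLENGE = b"<1896.697170952@example.org>"

def demo() -> dict:
    client_resp = cram_md5_response(PASSWORD, CHALLENGE)
    return {
        # Server holds only the hash; client presents the clear-text password.
        "simple_good": simple_bind_ok(STORED, PASSWORD),
        "simple_bad": simple_bind_ok(STORED, b"wrong"),
        # Server holds the clear-text password: challenge-response verifies.
        "cram_with_cleartext": cram_md5_verify(PASSWORD, CHALLENGE, client_resp),
        # Server holds only the {SSHA} string: it cannot reproduce the HMAC.
        "cram_with_hash_only": cram_md5_verify(STORED.encode(), CHALLENGE, client_resp),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In a syncrepl setup with bindmethod=simple, the consumer is the client in this exchange, so it presents the clear-text password while the provider's stored value can stay hashed. Without TLS, that password crosses the network in clear text on every bind.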