Hi Christian,
Thank you very much~:)
Can I understand I should change my config as below? If yes, I have a question, other people can see my rootpw, this is not safe, isn’t it ?
moduleload syncprov.la
database bdb
suffix "dc=xxx,dc=xxx"
checkpoint 1024 15
rootdn "cn=manager,dc=xxx,dc=xxx"
rootpw {SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR
directory /var/lib/ldap/xxx
access to *
by self write
by * read
# Indices to maintain for this database
index objectClass,entryCSN,entryUUID eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
serverID 1 (ldap2 service is 2)
syncrepl rid=001
provider=ldap://other side ip
bindmethod=simple
binddn="cn=manager,dc=xxx,dc=xxx"
credentials=sillypassword
searchbase="dc=xxx,dc=xxx"
schemachecking=on
type=refreshAndPersist
retry="60 +"
mirrormode on
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
Thanks and regards
tiangexuan
-----邮件原件----- 发件人: Christian Kratzer [mailto:ck-lists@cksoft.de] 发送时间: 2014年4月9日 13:49 收件人: 田格瑄 抄送: 'Dieter Klünter'; openldap-technical@openldap.org 主题: Re: 答复: 回复: mirror mode question
Hi,
On Wed, 9 Apr 2014, 田格瑄 wrote:
Hi Dieter,
Thanks for your kindly replies.
In my case, I don't use any SASL. I want to use simple bind, but my mirror mode can't work when my rootpw in hash( if the rootpw is in cleartext , the mirror mode can work). Could you pls advice what is wrong with my configration?
My slapd.conf file set as below.
moduleload syncprov.la
database bdb
suffix "dc=xxx,dc=xxx"
checkpoint 1024 15
rootdn "cn=manager,dc=xxx,dc=xxx"
rootpw {SSHA}aeiyuikahdkfjhdiuvy
1. That is not a hash.
2. use slappasswd to generate the hash as follows
ck@ldap1:~ % slappasswd
New password: sillypassword
Re-enter new password: sillypassword
{SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR
ck@ldap1:~ %
3. Use the result from slapasswd as your rootpw
rootpw {SSHA}miU6lvcqHnP+bAlZz4DruvOm8DeEczQR
4. Use a different password as you have now posted it to the list in cleartext
credentials={SSHA} aeiyuikahdkfjhdiuvy
5. no. You need to use the cleartext password for replication credentials
credentials=sillypassword
6. you can only hash your rootpw. You will need to use a cleartext password to authenticate.
Greetings
Christian