I'm receiving the following error on my consumer, using logging -d stats + args + trace + sync 2> /var/log/ldap
@(#) $OpenLDAP: slapd 2.4.22 (May 21 2010 12:10:42) $
        @cambridge:/usr/local/openldap-2.4.22/servers/slapd
slapd starting
slap_client_connect: URI=ldap://oxford.unix1.city.ac.uk:389 DN="cn=replicator,dc=city,dc=ac,dc=uk" ldap_sasl_bind_s failed (49)
I can see from the documentation that my consumer is not authenticating to my provider, but I can't see what the error is. If any other info would help please let me know.
I have created the uid for replicator and repeated this search with the 'access to attrs=userPassword' line commented out on the provider to ensure that the userPassword for replicator is clear text 'secret'. I can also perform this search from the consumer successfully.
ldapsearch -x -b dc=city,dc=ac,dc=uk uid=replicator
version: 1
dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
sn: replicator
cn: replicator
uid: replicator
uidNumber: 22258
gidNumber: 22258
homeDirectory: /export/home/replicator
userPassword: secret
displayName: replicator
mail: None
labeledURI: None
description: openLDAP replication id
Consumer ldap.conf:
database bdb
suffix "dc=city,dc=ac,dc=uk"
rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
rootpw {CRYPT}*******
directory /var/opt/csw/openldap-data
index default pres,eq,sub
index objectClass eq
index cn
index sn
index uid
access to attrs=userPassword
        by anonymous auth
        by * none
access to *
        by * read
index entryUUID eq
syncrepl rid=0
        provider=ldap://oxford.unix1.city.ac.uk:389
        bindmethod=simple
        binddn="cn=replicator,dc=city,dc=ac,dc=uk"
        credentials=secret
        searchbase="dc=city,dc=ac,dc=uk"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        schemachecking=on
        type=refreshAndPersist
        retry="60 +"
        syncdata=accesslog
updateref ldap://oxford.unix1.city.ac.uk
database monitor
Provider ldap.conf:
database bdb
suffix "dc=city,dc=ac,dc=uk"
rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
rootpw {CRYPT}aZmvWMwFgg.vk
directory /var/opt/csw/openldap-data
index default pres,eq,sub
index objectClass eq
index cn
index sn
index uid
access to *
        by dn.base="cn=replicator,dc=city,dc=ac,dc=uk" read
        by * break
access to attrs=userPassword
        by anonymous auth
        by * none
access to *
        by * read
modulepath /usr/local/openldap-2.4.22
moduleload back_bdb.la
moduleload accesslog.la
moduleload syncprov.la
database bdb
suffix cn=accesslog
directory /var/opt/csw/accesslog
rootdn cn=accesslog
index default eq
index objectClass,reqEnd,reqResult,reqStart
overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
# database bdb
# suffix "dc=dc=city,dc=ac,dc=uk"
# rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
index entryCSN eq
index entryUUID eq
overlay syncprov
syncprov-checkpoint 1000 60
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 99+00:00 00+00:01
# Let the replica DN have limitless searches
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
database monitor
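A bind result of 49 (invalidCredentials) is returned for a wrong password and also for a bind DN that does not exist, so a useful first check before touching passwords is whether the DN named in the consumer's syncrepl directive is actually an entry on the provider. The script below is an added example, not code from the post or from OpenLDAP: it folds slapd.conf continuation lines, pulls the key=value pairs out of the syncrepl directive, and looks the binddn up in a provider LDIF export (as produced by slapcat or ldapsearch). The sample config and LDIF are constructed from the DNs shown in the post; with them the check reports that the configured binddn is not present and lists the entry whose RDN value matches as the likely intended identity.

```python
import base64
import re
import shlex
from typing import Dict, List

# Constructed sample: the syncrepl part of the consumer's slapd.conf from the post.
CONSUMER_SLAPD_CONF = """
database bdb
suffix "dc=city,dc=ac,dc=uk"
syncrepl rid=0
  provider=ldap://oxford.unix1.city.ac.uk:389
  bindmethod=simple
  binddn="cn=replicator,dc=city,dc=ac,dc=uk"
  credentials=secret
  searchbase="dc=city,dc=ac,dc=uk"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  type=refreshAndPersist
  retry="60 +"
"""

# Constructed sample: a minimal LDIF export of the provider (only the DNs matter here).
PROVIDER_LDIF = """
dn: dc=city,dc=ac,dc=uk
objectClass: dcObject

dn: ou=users,dc=city,dc=ac,dc=uk
objectClass: organizationalUnit

dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
objectClass: inetOrgPerson
uid: replicator
"""


def join_continuations(text: str) -> List[str]:
    """slapd.conf continues a directive on any following line that starts with
    whitespace; fold those lines back onto the directive they belong to."""
    lines: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def parse_syncrepl(conf_text: str) -> Dict[str, str]:
    """Return the key=value pairs of the first syncrepl directive (quotes stripped)."""
    for line in join_continuations(conf_text):
        if line.split(None, 1)[0].lower() == "syncrepl":
            pairs: Dict[str, str] = {}
            for token in shlex.split(line)[1:]:
                key, _, value = token.partition("=")
                pairs[key.lower()] = value
            return pairs
    raise ValueError("no syncrepl directive found")


def normalize_dn(dn: str) -> str:
    """Case-fold and drop whitespace around '=' and ',' so DNs compare by value."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip()).lower()


def ldif_dns(ldif_text: str) -> List[str]:
    """Collect every entry DN from an LDIF text, decoding base64 'dn::' lines."""
    dns: List[str] = []
    for line in ldif_text.splitlines():
        if line.startswith("dn:: "):
            dns.append(base64.b64decode(line[5:]).decode("utf-8"))
        elif line.startswith("dn: "):
            dns.append(line[4:])
    return dns


def check_syncrepl_binddn(conf_text: str, ldif_text: str) -> Dict[str, object]:
    """Report whether the consumer's binddn exists on the provider and, if not,
    which provider entries share its RDN value (the probable intended account)."""
    binddn = normalize_dn(parse_syncrepl(conf_text)["binddn"])
    entries = [normalize_dn(d) for d in ldif_dns(ldif_text)]
    found = binddn in entries
    rdn_value = binddn.split(",", 1)[0].partition("=")[2]
    candidates = [] if found else [
        d for d in entries if d.split(",", 1)[0].partition("=")[2] == rdn_value
    ]
    return {"binddn": binddn, "found": found, "candidates": candidates}


if __name__ == "__main__":
    report = check_syncrepl_binddn(CONSUMER_SLAPD_CONF, PROVIDER_LDIF)
    status = "present" if report["found"] else "NOT present"
    print(f"binddn {report['binddn']} is {status} on the provider")
    for dn in report["candidates"]:
        print(f"  entry with the same RDN value: {dn}")
```

Run it against the real files (slapcat output for the provider and the consumer's slapd.conf) before changing any credential: if the DN is reported present, the remaining suspects are the stored userPassword and the provider's access rules for that DN, and those can be confirmed with a plain ldapsearch -x -D binddn -W from the consumer host.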