Hello everyone.
I have a big problem related to two OpenLDAP servers configured in an N-Way Multi-Master configuration. My problem isn't with replication, which works, but with authenticating users on the DIT.
In fact, when a user tries to simply authenticate himself on the DIT with
ldapsearch -x -D 'uid=example@gmail.com,ou=people,dc=example,dc=com' -w 'password'
he receives the error
ldap_bind: Invalid credentials (49)
With the multi-master replication configuration disabled, the same user is able to search the DIT.
Below is the slapd.conf of server 1:
allow bind_anon_dn

# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
# Additional schemas

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Read slapd.conf(5) for possible values
loglevel 0

modulepath /usr/lib64/openldap
moduleload syncprov.la

serverID 001

backend bdb

# FIXME: puppet
database bdb
suffix "dc=example,dc=com"
directory /var/lib/ldap
rootdn "cn=admin,dc=example,dc=com"
rootpw password
checkpoint 512 30
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

# allows read access from all consumers
access to *
    by dn.base="cn=admin,dc=example,dc=com" read
    by * break

syncrepl rid=000
    provider=ldap://ldap-be2
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=example,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=admin,dc=example,dc=com"
    credentials=password

###########################################################
index objectclass eq
index entryCSN eq
index entryUUID eq
index uidNumber eq
index gidNumber eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq

# mirror mode essential to allow writes
# and must appear after all syncrepl directives
mirrormode TRUE

# define the provider to use the syncprov overlay
# (last directives in database section)
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
The slapd.conf of the second server is a copy of this one with a different serverID and provider.
Every hint will be a blessing.
Best regards. F.
Francesco Pocci
Open Reply, Viale Regina Margherita, 8, 00198 Roma, ITALY, phone: +39 06 844341, f.pocci@reply.it, www.reply.it
openldap-technical@openldap.org