Hello everyone.
I have a big problem related to 2 OpenLDAP servers configured in N-Way Multi-Master
configuration.
My problem isn't with replication, which works, but with authenticating users on the DIT!
In fact, when a user tries to simply authenticate himself on the DIT with

ldapsearch -x -D 'uid=example@gmail.com,ou=people,dc=example,dc=com' -w 'password'

he receives an

ldap_bind: Invalid credentials (49)

error.
With the multi-master replication configuration disabled, the same user is able to search
the DIT.
Here is the slapd.conf of server 1...

allow bind_anon_dn

# Schema and objectClass definitions
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/inetorgperson.schema
# Additional schemas

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

# Read slapd.conf(5) for possible values
loglevel 0

modulepath /usr/lib64/openldap
moduleload syncprov.la

serverID 001

backend bdb

# FIXME: puppet
database bdb
suffix "dc=example,dc=com"
directory /var/lib/ldap
rootdn "cn=admin,dc=example,dc=com"
rootpw password

checkpoint 512 30
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

# allows read access from all consumers
access to *
    by dn.base="cn=admin,dc=example,dc=com" read
    by * break

syncrepl rid=000
    provider=ldap://ldap-be2
    type=refreshAndPersist
    retry="5 5 300 +"
    searchbase="dc=example,dc=com"
    attrs="*,+"
    bindmethod=simple
    binddn="cn=admin,dc=example,dc=com"
    credentials=password

###########################################################
index objectclass eq
index entryCSN eq
index entryUUID eq
index uidNumber eq
index gidNumber eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq

# mirror mode essential to allow writes
# and must appear after all syncrepl directives
mirrormode TRUE

# define the provider to use the syncprov overlay
# (last directives in database section)
overlay syncprov
# contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10

The slapd.conf of the 2nd server is a copy of this one with a different serverID and provider.
Any hint would be a blessing.
Best regards.
F.
Francesco Pocci
Open Reply
Viale Regina Margherita, 8
00198 - Roma - ITALY
phone: +39 06 844341
f.pocci@reply.it
www.reply.it
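
The access rule from the slapd.conf above, run through a simplified model of slapd.access(5) evaluation. This is an added example, not part of the original message: parse_acl, anonymous_access and can_bind are hypothetical helper names, and the second ACL is constructed for comparison. Assumptions: DN and filter scoping and privilege syntax such as "+x" are ignored, "continue" is treated like "stop", and a simple bind is verified by the not-yet-authenticated session, which needs at least auth access to userPassword.

```python
import re

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# Constructed sample: the access rule as it appears in the posted slapd.conf.
POSTED = """
access to *
    by dn.base="cn=admin,dc=example,dc=com" read
    by * break
"""
# Constructed comparison: the common userPassword rule, not from the post.
WITH_AUTH = """
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
"""

def parse_acl(conf):
    """Return [(what, [(who, level, control), ...]), ...] from slapd.conf text."""
    lines = [l for l in conf.splitlines() if not l.lstrip().startswith("#")]
    text = re.sub(r"\n[ \t]+", " ", "\n".join(lines))  # join continuation lines
    clauses = []
    for line in text.splitlines():
        m = re.match(r"access\s+to\s+(.*?)\s+by\s+(.*)$", line.strip())
        if not m:
            continue
        bys = []
        for part in re.split(r"\s+by\s+", m.group(2)):
            tok = part.split()
            level = next((t for t in tok[1:] if t in LEVELS), None)
            control = next((t for t in tok[1:] if t in ("stop", "continue", "break")), "stop")
            bys.append((tok[0], level, control))
        clauses.append((m.group(1), bys))
    return clauses

def anonymous_access(clauses, attr="userPassword"):
    """Access level an anonymous (pre-bind) session ends up with on attr."""
    if not clauses:
        return "read"  # no access directives at all: default is read for everyone
    for what, bys in clauses:
        attrs = re.search(r"attrs=(\S+)", what)
        if attrs and attr.lower() not in attrs.group(1).lower().split(","):
            continue  # clause targets other attributes
        hit = next((b for b in bys if b[0] in ("*", "anonymous")), None)
        if hit is None or hit[2] != "break":
            return (hit[1] if hit else None) or "none"  # implicit "by * none"
        # "break": fall through to the next access clause
    return "none"  # implicit final "access to * by * none"

def can_bind(conf):
    """True if the ACLs leave at least auth access to userPassword before bind."""
    return LEVELS.index(anonymous_access(parse_acl(conf))) >= LEVELS.index("auth")
```
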