N-Way Multi-Master authentication problem - openldap-technical

3 Oct 2014


      Hello everyone.
I have a big problem releated to 2 OpenLdap configured in N-Way Multi-Master Configuration.
My problem isn't on replication, that works, but on authenticating users on DIT !!!
Infact when an user tries to simply authenticate himself on DIT with
ldapsearch -x -D 'uid=example@gmail.com,ou=people,dc=example,dc=com' -w 'password'
he receives an
ldap_bind: Invalid credentials (49) error.
Disabling configurations for multi master replication the same user is able to search on DIT.
Following there is one slapd.conf of server 1...
allow bind_anon_dn
# Schema and objectClass definitions
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/inetorgperson.schema
# Additional schemas
pidfile         /var/run/openldap/slapd.pid
argsfile        /var/run/openldap/slapd.args
# Read slapd.conf(5) for possible values
loglevel        0
modulepath      /usr/lib64/openldap
moduleload     syncprov.la
serverID 001
backend         bdb
# FIXME: puppet
database        bdb
suffix          "dc=example,dc=com"
directory       /var/lib/ldap
rootdn          "cn=admin,dc=example,dc=com"
rootpw          password
checkpoint   512 30
dbconfig set_cachesize      0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks   1500
dbconfig set_lk_max_lockers 1500
#allows read access from all consumers
access to *
     by dn.base="cn=admin,dc=example,dc=com" read
     by * break
syncrepl rid=000
     provider=ldap://ldap-be2
     type=refreshAndPersist
     retry="5 5 300 +"
     searchbase="dc=example,dc=com"
     attrs="*,+"
     bindmethod=simple
     binddn="cn=admin,dc=example,dc=com"
     credentials=password
###########################################################
index objectclass  eq
index entryCSN     eq
index entryUUID    eq
index uidNumber    eq
index gidNumber    eq
index cn           pres,sub,eq
index sn           pres,sub,eq
index uid          pres,sub,eq
index displayName  pres,sub,eq
# mirror mode essential to allow writes
#and must appear after all syncrepl directives
mirrormode TRUE
# define the provider to use the syncprov overlay
# (last directives in database section)
overlay syncprov
# # contextCSN saved to database every 100 updates or ten minutes
syncprov-checkpoint 100 10
Slap.conf of 2th server is a copy of this with different serverID and provider.
Every hint will be a bless.
Best regards.
F.
Francesco Pocci
Open Reply
Viale Regina Margherita, 8
00198 - Roma - ITALY
phone: +39 06 844341
f.pocci@reply.itmailto:f.pocci@reply.it
www.reply.it
[Open Reply]
________________________________
--
The information transmitted is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.