Hi, can I write this question here?
I followed the instructions at https://linuxlasse.net/linux/howtos/OpenLDAP_N-Way_MultiMaster_Replication. Everything works, but passwords are not replicated. How do I configure password replication?
--On Wednesday, January 29, 2020 7:08 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Hi, can I write this question here?
I followed the instructions at https://linuxlasse.net/linux/howtos/OpenLDAP_N-Way_MultiMaster_Replication. Everything works, but passwords are not replicated. How do I configure password replication?
Hello,
This generally occurs when your ACLs deny read access to the userPassword attribute for the replication user. I would suggest examining your ACLs.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
Funny. That guide says nothing about the ACL. =)
Now, can I create an ACL without breaking replication?
On 29 Jan 2020, at 23:02, Quanah Gibson-Mount quanah@symas.com wrote:
This generally occurs when your ACLs deny read access to the userPassword attribute for the replication user. I would suggest examining your ACLs.
--On Wednesday, January 29, 2020 8:07 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
Funny. That guide says nothing about the ACL. =)
Now, can I create an ACL without breaking replication?
Your configuration clearly comes with pre-defined ACLs. You need to appropriately modify said ACLs. As you have not provided your ACLs, there's not much help that can be offered.
Regards, Quanah
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=domain,dc=com
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=domain,dc=com
olcRootPW:: e1NTSEF9UThYdWNWY1BwMldsd1l3VGxtRkhWYWlrVVN5Y0hBUnk=
Begin forwarded message:
From: Quanah Gibson-Mount <quanah@symas.com>
Subject: Re: MultiMaster replication password
Date: 30 January 2020 at 00:17:00 GMT+3
To: Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru>, <openldap-technical@openldap.org>
Reply-To: Quanah Gibson-Mount <quanah@symas.com>
Your configuration clearly comes with pre-defined ACLs. You need to appropriately modify said ACLs. As you have not provided your ACLs, there's not much help that can be offered.
--On Friday, January 31, 2020 12:41 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
This ACL clearly prevents the replication user from being able to read the userPassword attribute. You need to update the ACL so that the replication user has read access.
--Quanah
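The two replies above (the first diagnosis and the one pointing at the {0} ACL) describe the same fix without showing it. The following is an added example, not the poster's config and not text from the OpenLDAP Admin Guide: the posted userPassword ACL next to a corrected version that grants a dedicated replication identity read access. The suffix and the {1}mdb database index come from the posted config; the DN cn=replicator,dc=domain,dc=com is an assumption. slapd uses the first `to` clause that matches the target, and within it the first `by` clause that matches the requester, so the replicator clause has to be listed before the `by * none` catch-all or it is never reached.

```ldif
# Posted ACL. A replication consumer binding with its own DN is neither
# "self" nor "anonymous", so it falls through to "by * none" and never
# receives userPassword in the search results:
#   olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
#
# Corrected ACLs. "replace" overwrites every olcAccess value, so all three
# are restated. Replicator DN is assumed (cn=replicator,dc=domain,dc=com).
# Apply on each provider with: ldapmodify -Y EXTERNAL -H ldapi:/// -f acl.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword
  by dn.exact="cn=replicator,dc=domain,dc=com" read
  by self write
  by anonymous auth
  by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
-
replace: olcLimits
olcLimits: dn.exact="cn=replicator,dc=domain,dc=com"
  size.soft=unlimited size.hard=unlimited
  time.soft=unlimited time.hard=unlimited
```

The replicator entry must exist under the suffix with its own password and be used as the binddn in olcSyncRepl. The olcLimits value lifts the search size and time limits for that DN only, so an initial full refresh is not cut off by the default sizelimit. Note that the rootdn is not subject to ACLs at all: binding syncrepl as cn=admin sidesteps this whole problem, but it also hands the directory's most privileged credential to every replication peer, which is why a separate, read-only replication identity is the usual choice.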
New version:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com searchbase="dc=domain,dc=com" bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=5fX?BLR2 tls_reqcert=allow type=refreshAndPersist retry="30+" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com searchbase="dc=domain,dc=com" bindmethod=simple binddn="cn=admin,dc=domain,dc=com" credentials=5fX?BLR2 tls_reqcert=allow type=refreshAndPersist retry="30+" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
That is, I want to replicate the database using admin. But there is an error: <olcMirrorMode> database is not a shadow.
How do I fix it? )
--On Monday, February 3, 2020 1:20 PM +0000 Клеусов Владимир Сергеевич Kleusov.Vladimir@wildberries.ru wrote:
That is, I want to replicate the database using admin. But there is an error <olcMirrorMode> database is not a shadow .
So I'm not sure what your intent here is. I said to fix your ACLs so they are correct, and you return completely unrelated information about your syncrepl configuration. Did you fix your ACLs to be correct, yes or no?
The syncrepl error is likely related to the fact that you appear to have failed to configure a non-zero serverID which is mandatory for multimaster replication, as documented.
--Quanah
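The reply above names the missing piece (a non-zero serverID) but does not show where it goes. The following is an added example, not the poster's config and not text from the OpenLDAP Admin Guide: a multi-master fragment that sets the serverID and then adds the syncrepl consumers and mirror mode. The hostnames ldap1/ldap2.domain.com, the suffix, the {1}mdb index and the rids 001/002 are taken from the posted config; the replicator DN and the credential placeholder are assumptions, and it assumes the syncprov overlay is already configured on both providers, as working replication from the guide implies.

```ldif
# Step 1: serverID. In the multi-valued "<id> <URL>" form the same LDIF can be
# loaded on both hosts: slapd picks the ID whose URL matches one of its own
# listener URLs (the -h argument), so ldap1 becomes 1 and ldap2 becomes 2.
# This must be in place before olcMirrorMode is enabled on the database.
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 ldaps://ldap1.domain.com
olcServerID: 2 ldaps://ldap2.domain.com

# Step 2: consumers for both providers plus mirror mode on the mdb database.
# Differences from the posted version: a dedicated replicator DN (assumed)
# instead of the rootdn, tls_reqcert=demand instead of allow (allow accepts
# an invalid or untrusted peer certificate, which defeats the point of ldaps),
# and retry in the documented "<interval> <count>" form, "+" meaning forever.
# REPLICATOR_PASSWORD is a placeholder, not a real credential.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldaps://ldap1.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple binddn="cn=replicator,dc=domain,dc=com"
  credentials="REPLICATOR_PASSWORD"
  tls_reqcert=demand
  type=refreshAndPersist retry="30 +" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple binddn="cn=replicator,dc=domain,dc=com"
  credentials="REPLICATOR_PASSWORD"
  tls_reqcert=demand
  type=refreshAndPersist retry="30 +" timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
```

Lines beginning with two spaces are LDIF continuations (one space is stripped, the rest is appended), so each olcSyncRepl value is a single string. Apply the fragment on every provider; the serverID record is the same on all of them, and the replicator DN needs the ACL read access discussed earlier in the thread or userPassword will still not cross.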