Hello,
For syncrepl to work do we need to enable the sasl? I had the sasl disabled and configured to replicate using simple bindmethod, with the following config:
syncrepl rid=001
  provider=ldap://ldap2.example.com
  type=refreshAndPersist
  retry="5 5 300 +"
  searchbase="o=tld"
  bindmethod=simple
  binddn="uid=admin,ou=users,o=tld"
  credentials=password
  schemachecking=on
but I get the following error:
slap_client_connect: URI=ldap://ldap2.example.com DN="uid=admin,ou=users,o=tld" ldap_sasl_bind_s failed (-1)
However, I can bind and search entries both in cn=config and o=tld from command line using the above binddn and credentials.
Thanks
--On Friday, March 02, 2012 7:53 PM -0800 "S.A." <qmt9z3@yahoo.com> wrote:
> Hello,
> For syncrepl to work do we need to enable the sasl? I had the sasl disabled and configured to replicate using simple bindmethod, with the following config:
> syncrepl rid=001
>   provider=ldap://ldap2.example.com
>   type=refreshAndPersist
>   retry="5 5 300 +"
>   searchbase="o=tld"
>   bindmethod=simple
>   binddn="uid=admin,ou=users,o=tld"
>   credentials=password
>   schemachecking=on
> but I get the following error:
> slap_client_connect: URI=ldap://ldap2.example.com DN="uid=admin,ou=users,o=tld" ldap_sasl_bind_s failed (-1)
ldap_sasl_bind_s is the name of the binding function for both simple and SASL binds. It doesn't mean you're performing a SASL bind. If it was a dn/password issue, you would see error code 49. You got error code -1, which seems to imply it cannot open a connection to ldap2.example.com from that server.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
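Added example, not part of the original thread or of OpenLDAP's own code: a small triage script that applies the distinction in the reply above to slapd log text, separating negative libldap client-side codes (no LDAP result came back from the provider) from positive result codes the provider returned. The function names and the sample log are assumptions made for illustration; the code names come from OpenLDAP's ldap.h and RFC 4511.

```python
import re
from collections import Counter

# libldap client-side (API) errors are negative: no LDAP result came back.
API_ERRORS = {-1: "LDAP_SERVER_DOWN", -5: "LDAP_TIMEOUT", -11: "LDAP_CONNECT_ERROR"}
# Positive values are result codes the provider itself returned (RFC 4511).
RESULT_CODES = {8: "strongerAuthRequired", 13: "confidentialityRequired",
                48: "inappropriateAuthentication", 49: "invalidCredentials"}

# \s* before the code tolerates "(-1)" wrapped onto the next line by a mail client.
FAIL_RE = re.compile(
    r'slap_client_connect: URI=(?P<uri>\S+) DN="(?P<dn>[^"]*)"'
    r'\s+ldap_sasl_bind_s failed\s*\((?P<code>-?\d+)\)')

def classify(code):
    """Map a bind failure code to (layer, name)."""
    if code < 0:
        return "connection", API_ERRORS.get(code, "libldap API error")
    return "provider-result", RESULT_CODES.get(code, "LDAP result code")

def triage(log_text):
    """Count syncrepl bind failures per (provider URI, bind DN, code)."""
    hits = Counter((m["uri"], m["dn"], int(m["code"]))
                   for m in FAIL_RE.finditer(log_text))
    return [{"uri": u, "dn": d, "code": c, "count": n,
             "layer": classify(c)[0], "name": classify(c)[1]}
            for (u, d, c), n in sorted(hits.items(), key=lambda kv: kv[0][2])]

# Constructed sample: the first failure message is the one from this thread;
# the timestamps, the wrapped repeat and the ldap3 line are made up.
SAMPLE = '''\
Mar  2 19:40:01 ldap1 slapd[2211]: slap_client_connect: URI=ldap://ldap2.example.com DN="uid=admin,ou=users,o=tld" ldap_sasl_bind_s failed (-1)
Mar  2 19:40:06 ldap1 slapd[2211]: slap_client_connect: URI=ldap://ldap2.example.com DN="uid=admin,ou=users,o=tld" ldap_sasl_bind_s failed
(-1)
Mar  2 19:41:10 ldap1 slapd[2211]: slap_client_connect: URI=ldap://ldap3.example.com DN="uid=admin,ou=users,o=tld" ldap_sasl_bind_s failed (49)
'''

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{count}x {uri} as {dn}: {code} {name} ({layer})".format(**row))
```

A "connection" row points at name resolution, routing, the listener or TLS on the path from the consumer's slapd process to the provider, while a "provider-result" row means the provider was reached and refused the bind.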
Thanks for your response!
ldap1-client <-> slapd2: Communication OK
slapd1 <-> ldap2-client: Communication OK
slapd1 <-/-> slapd2: Communication failure
Using the 'ldapsearch' command, I am able to bind and search on the slapd2 server from the server (slapd1) that is issuing the above error, and vice versa. So, the client modules from one server have no trouble connecting to the slapd on the other server; however, the slapd-to-slapd communication via slap_client_connect for syncrepl seems to have an issue.
I am wondering if there is anything in the cn=config configuration that could lead to this.
Thanks
I have upgraded to 2.4.30, but I still have the above problem! I am compiling this in an OpenVZ container (2.6.32-042stab049.6) with the --enable-syncprov option.
What is the best way to check if 'syncprov' is enabled in my compiled slapd?
Thanks
openldap-technical@openldap.org