Hello, I have a little problem with the chain overlay and hope someone can help me. I have a master and a slave server (both Debian lenny with OpenLDAP 2.4.11) and a normal syncrepl replication between both, but I can't get the chain working.
My slave slapd.conf entries:

    moduleload          back_ldap

    overlay             chain
    chain-uri           "ldap://10.8.0.1:389/"
    chain-rebind-as-user TRUE
    chain-idassert-bind bindmethod=simple
                        binddn="cn=admin,dc=test,dc=de"
                        credentials=testpw
                        mode=self
    chain-tls           start
    chain-return-error  TRUE
If I try to delete an entry with ldapdelete on the slave server:

    ldapdelete -xD "cn=admin,dc=test,dc=de" -w testpw cn=abc,ou=Verteiler,dc=test,dc=de
Log from slave server:

    conn=1 fd=13 ACCEPT from IP=127.0.0.1:48451 (IP=0.0.0.0:389)
    conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" method=128
    conn=1 op=0 BIND dn="cn=admin,dc=test,dc=de" mech=SIMPLE ssf=0
    conn=1 op=0 RESULT tag=97 err=0 text=
    conn=1 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
    conn=1 op=1 RESULT tag=107 err=8 text=
    conn=1 op=2 UNBIND
    conn=1 fd=13 closed

Log from master server:

    conn=83 fd=15 ACCEPT from IP=10.8.0.2:44720 (IP=0.0.0.0:389)
    conn=83 op=0 BIND dn="" method=128
    conn=83 op=0 RESULT tag=97 err=0 text=
    conn=83 op=1 DEL dn="cn=abc,ou=Verteiler,dc=test,dc=de"
    conn=83 op=1 RESULT tag=107 err=8 text=modifications require authentication
    conn=83 op=2 UNBIND
    conn=83 fd=15 closed
It seems to me that the bind DN is not transmitted, and I don't see any StartTLS entries. Any hints for me?

Best regards,
Klaus
"Klaus Nagel" m_a_i_l@web.de writes:
> Hello, I have a little problem with the chain overlay and hope someone can help me. I have a master and a slave server (both Debian lenny with OpenLDAP 2.4.11) and a normal syncrepl replication between both, but I can't get the chain working.
>
> My slave slapd.conf entries:
>
>     moduleload          back_ldap
>
>     overlay             chain
>     chain-uri           "ldap://10.8.0.1:389/"
>     chain-rebind-as-user TRUE
>     chain-idassert-bind bindmethod=simple
>                         binddn="cn=admin,dc=test,dc=de"
>                         credentials=testpw
>                         mode=self
>     chain-tls           start
>     chain-return-error  TRUE
The global part of my slapd.conf:

    overlay             chain
    chain-uri           ldap://ldap.avci.de
    chain-idassert-bind bindmethod=simple
                        binddn="cn=replicator,o=avci,c=de"
                        credentials="xxx"
                        mode=self
                        flags=non-prescriptive
                        starttls=yes
                        tls_cacert=/opt/openldap/etc/openldap/certs/avciCA.pem
                        tls_reqcert=demand
    chain-return-error  TRUE
    chain-rebind-as-user TRUE
    chain-tls           start
-Dieter
Quoting Klaus Nagel m_a_i_l@web.de:
> Hello, I have a little problem with the chain overlay and hope someone can help me. I have a master and a slave server (both Debian lenny with OpenLDAP 2.4.11) and a normal syncrepl replication between both, but I can't get the chain working.
Did you remember to include the necessary proxy authorization? I've been working hard to increase my own understanding of this subject, also using Debian lenny. Here are some of my own instructions that you may find handy:
* OpenLDAP consumer -- Referrals http://www.rjsystems.nl/en/2100-openldap-consumer.php#refr
* OpenLDAP consumer with MIT Kerberos V -- Referrals http://www.rjsystems.nl/en/2100-openldap-consumer-kerberos.php#refr
I'm currently busy revising these pages, so they will change occasionally, but so far I've not encountered any problems with the chaining instructions. If you spot anything obviously stupid, or would just like to comment, I'd be happy to hear from you.
Cheers,
Jaap
openldap-technical@openldap.org
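A complete worked configuration for the setup discussed in this thread (the consumer-side chain overlay from Klaus's post together with the proxy authorization Jaap asks about), added here as an example and not taken from any of the posts. The consumer forwards writes to the provider over StartTLS with the provider's certificate checked, binds to the provider as a dedicated proxy identity instead of the directory admin, and asserts the client's own identity with mode=self; the provider restricts which identities that proxy may assert with authz-policy and an authzTo attribute on the proxy's entry. The provider address 10.8.0.1 and the suffix dc=test,dc=de follow Klaus's post; the proxy DN cn=proxy,dc=test,dc=de and its password, the CA path /etc/ldap/ssl/ca.pem, the ou=People subtree and the hdb database layout are assumptions, and the tls_* options on chain-tls assume a slapd-ldap that accepts them (check slapd-ldap(5) for the installed version).

```conf
# ---- consumer (slave) slapd.conf: global section, before the first "database" line ----
moduleload          back_ldap

overlay             chain
# Where referred operations are forwarded; must match the updateref below.
chain-uri           "ldap://10.8.0.1:389/"
# Require StartTLS on the chained connection. "start" fails if TLS cannot be
# negotiated; "try-start" would silently fall back to cleartext, which is not
# acceptable on a connection that carries bind passwords. tls_reqcert=demand
# verifies the provider's certificate against the CA file (assumed path).
chain-tls           start tls_cacert=/etc/ldap/ssl/ca.pem tls_reqcert=demand
# Bind to the provider as a dedicated proxy identity (assumed name) and assert
# the identity of the client that bound to the consumer (mode=self). flags is
# left at its default, prescriptive: an identity the proxy is not allowed to
# assert makes the operation fail instead of proceeding under another identity.
# starttls=yes and the tls_* options apply to the identity-assertion connection.
chain-idassert-bind bindmethod=simple
                    binddn="cn=proxy,dc=test,dc=de"
                    credentials="proxy-secret"
                    mode=self
                    starttls=yes
                    tls_cacert=/etc/ldap/ssl/ca.pem
                    tls_reqcert=demand
# Only identities from this subtree may be asserted from the consumer side.
chain-idassert-authzFrom "dn.subtree:ou=People,dc=test,dc=de"
# Hand the provider's result back to the client instead of the raw referral.
chain-return-error  TRUE

database            hdb
suffix              "dc=test,dc=de"
rootdn              "cn=admin,dc=test,dc=de"
directory           /var/lib/ldap
# ... syncrepl directive for this consumer goes here (assumed present) ...
# Writes arriving at the consumer are answered with this referral, which the
# chain overlay above follows instead of returning it to the client.
updateref           "ldap://10.8.0.1:389/"

# ---- provider (master) slapd.conf: global section ----
# Authorization is granted only where the authenticating entry (the proxy)
# carries an authzTo attribute naming the identities it may become.
authz-policy        to

# ---- provider: the proxy's entry, as LDIF for ldapadd (assumed attributes) ----
# dn: cn=proxy,dc=test,dc=de
# objectClass: organizationalRole
# objectClass: simpleSecurityObject
# cn: proxy
# userPassword: proxy-secret
# authzTo: dn.subtree:ou=People,dc=test,dc=de
```

With this in place, a chained delete should show up in the provider's stats log as a BIND with dn="cn=proxy,dc=test,dc=de" rather than dn="", preceded on the same connection by an EXT oid=1.3.6.1.4.1.1466.20037 / STARTTLS operation and a "TLS established" line; the DEL then runs under the asserted client identity, so the provider's ACLs for that user, not the proxy's, decide whether it succeeds. A BIND dn="" on the provider, as in Klaus's log, means no credentials reached it and the write is being refused before any ACL is consulted.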