On Thursday, 26 November 2009 16:35:00 smainklh(a)free.fr wrote: > Hello guys, > > I'm meeting an issue when configuring ldap replication. > The synchronisation account doesn't authenticate with the provider. > > Here are my configuration files : > > /etc/ldap/slapd.conf (provider): > ----------------------- > moduleload syncprov > database bdb > overlay syncprov > syncprov-checkpoint 100 10 > syncprov-sessionlog 100 > > index objectClass,entryCSN,entryUUID eq > > /etc/ldap/slapd.conf (consumer): > -------------------------- > Syncrepl rid=666 > provider=ldaps://provider.domain.tld:636/ > type=refreshOnly > retry="60 10 600 +" > interval=00:00:30:00 > searchbase="dc=domain,dc=tld" > scope=sub > schemachecking=on > bindmethod=simple > binddn="cn=syncrepluser,dc=domain,dc=tld" > credentials=secret > > Errors below : > >From consumer > > ------------ > slap_client_connect: URI=ldaps://provider.domain.tld:636/ > DN="cn=syncrepluser,dc=domain,dc=tld" ldap_sasl_bind_s failed (49) > do_syncrepl: rid=666 retrying (9 retries left) > > >From provider > > ------------ > Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3 > dn="cn=syncrepluser,dc=domain,dc=tld" method=128 > Nov 26 15:28:47 provider slapd[2514]: > bdb_dn2entry("cn=syncrepluser,dc=domain,dc=tld") > Nov 26 15:28:47 provider slapd[2514]: => > bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld") > Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: > DB_NOTFOUND: No matching key/data pair found (-30990) The DN you specified doesn't seem to exist. > Nov 26 15:28:47 provider slapd[2514]: send_ldap_result: conn=3 op=0 p=3 > Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 > err=49 Nov 26 15:28:47 provider slapd[2514]: connection_get(14): got > connid=3 Nov 26 15:28:47 provider slapd[2514]: connection_read(14): > checking for input on id=3 > Nov 26 15:28:47 provider slapd[2514]: ber_get_next on fd 14 failed errno=0 > (Success) > Nov 26 15:28:47 provider slapd[2514]: connection_closing: readying conn=3 > sd=14 for close > Nov 26 15:28:47 provider slapd[2514]: connection_close: deferring conn=3 > sd=14 Nov 26 15:28:47 provider slapd[2514]: conn=3 op=1 do_unbind > Nov 26 15:28:47 provider slapd[2514]: connection_resched: attempting > closing conn=3 sd=14 > Nov 26 15:28:47 provider slapd[2514]: connection_close: conn=3 sd=14 > > > Do i have to create an account in the ldap tree? Syncrepl performs an LDAP search against the provider. As with any ldap search, it needs to perform a bind as an identity that has sufficient access to retrieve the data it needs to replicate the directory content. You could either use the rootdn on the provider (not recommended) or anonymous access (not recommended) with a totally unsecured provider, or you need to use a DN that has been granted sufficient access. See for example:

(unfortunately, the preceding section doesn't show the access controls mentioned, nor the creation of the DN) > Is there a problem using SSL? A problem with SSL wouldn't give you an "invalid credentials" error. Regards, Buchan