I am seeing invalid credential error logs a lot.
Could you guys let me know how to solve this issue?
Thanks.
Server Log(slurpd -d 2)
Replicated Log (/usr/sbin/slapd -u ldap -d 2 -h ldap:///)
Slapd.conf
database bdb
suffix "dc=ijji,dc=com"
rootdn "cn=Manager,dc=ijji,dc=com"
rootpw {SSHA}EpkPadkANDlpX7yfcsa2WbA+bSssh0S4
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/ijji.com
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
#updatedn cn=Replication Manager,dc=ijji,dc=com
#updateref ldap://ca1xc115.ijji.com
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=ijji,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Manager,dc=ijji,dc=com" write
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Replication Manager,dc=ijji,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Replication Manager,dc=ijji,dc=com" write
    by * read
# Replicas of this database
replogfile /var/lib/ldap/openldap-master-replog
replica host=ca1xc115.ijji.com:389
    binddn="cn=Replication Manager,dc=ijji,dc=com"
    bindmethod=simple credentials=skdltmwkq
loglevel -1
database bdb
suffix "dc=ijji,dc=com"
rootdn "cn=Manager,dc=ijji,dc=com"
rootpw {SSHA}EpkPadkANDlpX7yfcsa2WbA+bSssh0S4
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/ijji.com
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
updatedn "cn=Replication Manager,dc=ijji,dc=com"
updateref ldap://ca1xc124.ijji.com
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=ijji,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Manager,dc=ijji,dc=com" write
    by * read
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Replication Manager,dc=ijji,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Replication Manager,dc=ijji,dc=com" write
    by * read
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
loglevel -1
Justin Choi
Sr. Security Engineer
NHN USA, Inc.
3353 Michelson Suite 250
Irvine, CA 92612
Mobile (408) 329-8554
MSN iD: counterhacker@live.com mailto:amyoh79@hotmail.com
Office (949) 863-1292 ext 256
Fax (949) 863-9418
On Tuesday 28 October 2008 01:58:02 Choi, Justin wrote:
I am seeing invalid credential error logs a lot.
Could you guys let me know how to solve this issue?
In future, don't send screenshots of text that you could just have easily copied from Putty and pasted into your mail instead of sending everyone > 100kB of screenshots they don't need. (The HTML format is also unnecessary ...)
It would also help if you could list the version of OpenLDAP that you are using, and the platform you are running on.
Note that in modern (2.3 or later) versions of OpenLDAP, slurpd is deprecated, and in the current (2.4) versions, is no longer available.
Thanks.
Server Log(slurpd -d 2)
Replicated Log (/usr/sbin/slapd -u ldap -d 2 -h ldap:///)
Slapd.conf
database bdb
suffix "dc=ijji,dc=com"
rootdn "cn=Manager,dc=ijji,dc=com"
rootpw {SSHA}EpkPadkANDlpX7yfcsa2WbA+bSssh0S4
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/ijji.com
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
The following two lines really need to be uncommented for replication to work.
#updatedn cn=Replication Manager,dc=ijji,dc=com
#updateref ldap://ca1xc115.ijji.com
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=ijji,dc=com" write
    by * none
access to *
    by self write
    by dn.base="cn=Manager,dc=ijji,dc=com" write
    by * read
The following rule will not apply, as the target has already been matched, by the first rule.
access to attrs=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Replication Manager,dc=ijji,dc=com" write
    by * none
The following rule will also not apply, for the same reason.
access to *
    by self write
    by dn.base="cn=Replication Manager,dc=ijji,dc=com" write
    by * read
# Replicas of this database
replogfile /var/lib/ldap/openldap-master-replog
replica host=ca1xc115.ijji.com:389
    binddn="cn=Replication Manager,dc=ijji,dc=com"
    bindmethod=simple credentials=skdltmwkq
loglevel -1
Have you tested whether the account works correctly, e.g. using the OpenLDAP command line client utilities? E.g.:
$ ldapwhoami -x -h ca1xc115.ijji.com -D "cn=Replication Manager,dc=ijji,dc=com" -w skdltmwkq
(or, if you have a really old version that does not have ldapwhoami:
$ ldapsearch -x -h ca1xc115.ijji.com -D "cn=Replication Manager,dc=ijji,dc=com" -w skdltmwkq -s base -b '' namingContexts
Regards, Buchan
openldap-technical@openldap.org
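A small checker for the dead-ACL problem Buchan points out above (a second "access to attrs=userPassword" that can never apply because an earlier clause already matched the target). This is an added example, not code from the thread or from the OpenLDAP project; it parses the classic slapd.conf layout (directives at column 0, indented continuation lines), treats a clause after "access to *" as dead as well, and the SAMPLE config is constructed for the demonstration.

```python
# Added example (not from the thread): find slapd.conf 'access to' clauses that
# never apply. slapd uses the first clause whose <what> matches; a later clause
# with the same <what>, or any clause after 'access to *', is dead (Buchan's point).
import re

def join_continuations(text):
    # Fold indented continuation lines into the directive above them.
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank or comment line
        if raw[0] in " \t" and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def shadowed_access_rules(text):
    # Return (rule_no, target, reason) for each dead clause; ACL lists are per database.
    findings, earlier, rule_no = [], [], 0
    for line in join_continuations(text):
        if line.split()[0] == "database":
            earlier, rule_no = [], 0
            continue
        m = re.match(r"access\s+to\s+(.+?)\s+by\s", line)
        if not m:
            continue
        rule_no += 1
        target = " ".join(m.group(1).split())   # normalise whitespace in <what>
        for prev_no, prev_target in earlier:
            if prev_target in ("*", target):
                why = "matches every entry" if prev_target == "*" else "has the same target"
                findings.append((rule_no, target, f"rule {prev_no} {why}"))
                break
        earlier.append((rule_no, target))
    return findings

# Constructed sample mirroring the duplicated ACL layout posted in the thread.
SAMPLE = """\
database bdb
access to attrs=userPassword
    by * none
access to *
    by * read
access to attrs=userPassword
    by dn.base="cn=Replication Manager,dc=example,dc=com" write
access to *
    by dn.base="cn=Replication Manager,dc=example,dc=com" write
"""
```

Run it over a real slapd.conf with `shadowed_access_rules(open("/etc/openldap/slapd.conf").read())`; every finding is a clause slapd will never evaluate, so the intended grant (here, write access for the replication DN) is silently missing.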