Hello all,
I have a master and a slave OpenLDAP server on an Ubuntu 8.0.4 server with OpenLDAP version 2.4.9. I'm using syncrepl to sync data between the 2 servers. Data is transferred from the master to the slave without a problem and I'm able to query the slave LDAP via phpldapadmin without a problem. Having said that, as soon as I add a new user to the master LDAP it is replicated fine (I can see the user details on the slave server), but when I run 'id user1' from bash I'm getting 'id: user1: No such user'. This happens no matter whether I stop and start nscd or ldap.
The sync part of the slave server is pasted below:
syncrepl rid=001
        provider=ldap://192.168.1.0
        type=refreshOnly
        interval=00:00:01:00
        searchbase="dc=mydomain,dc=edu,dc=com"
        binddn="uid=syncrepl,ou=System,dc=mydomain,dc=edu,dc=com"
        bindmethod=simple
        credentials=mypassword
updateref ldap://192.168.1.0
and the ACLs on the slave are:
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=mydomain,dc=edu,dc=com" write
        by dn="uid=syncrepl,ou=System,dc=mydomain,dc=edu,dc=com" write
        by dn="uid=authenticate,ou=System,dc=mydomain,dc=edu,dc=com" read
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=mydomain,dc=edu,dc=com" write
        by dn="uid=syncrepl,ou=System,dc=mydomain,dc=edu,dc=com" write
        by * read
On the master server I can query any user fine. It just doesn't work on the slave. nsswitch.conf is the same as on the master:
passwd: files ldap
group: files ldap
shadow: files ldap
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis ldap
I have no clue how to troubleshoot this problem. Any help is much appreciated.
Thanks a lot
I forgot to add the ldapsearch output. Below are the results directly from the slave server. It finds the user without a problem, but it is still not resolving on the terminal. I need this in order to chown a particular directory which holds the mail settings (Maildir etc).
ldapsearch -x -b "dc=mydomain,dc=edu,dc=com" -D "cn=admin,dc=mydomain,dc=edu,dc=com" -W uid=user1
# Stavros Lolis, Users, mydomain.edu.com
dn: cn=Stavros Lolis,ou=Users,dc=mydomain,dc=edu,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: top
uid: user1
userPassword:: e01ENX1nbnpMRHVxS2NHeE1OS0Zva2ZoT2V3PT0=
uidNumber: 1761
gidNumber: 100
homeDirectory: /home/user1
loginShell: /bin/false
mail: user1@mydomain.edu.gr
Also my /etc/ldap.conf has:
host 192.168.1.0 192.168.1.1
base dc=com,dc=edu,dc=com
ldap_version 3
binddn uid=authenticate,ou=System,dc=com,dc=edu,dc=com
bindpw {MD5}jikxdsfdfsdfsdfsO5dIXw==
rootbinddn cn=admin,dc=com,dc=edu,dc=com
nss_initgroups_ignoreusers amavis,backup,bin,bind,clamav,daemon,dhcp,dovecot,games,gnats,irc,klog,libuuid,list,lp,mail,man,mysql,news,openldap,postfix,proxy,root,smmsp,smmta,smtpguard,sshd,sync,sys,syslog,uucp,www-data
scope sub
nss_base_passwd ou=Users,dc=com,dc=edu,dc=com?sub
Any help is much appreciated.
2008/8/21 Stelios A. stelios.a@gmail.com:
A little bit of progress. I discovered that this is probably happening because the following attributes are not transferred to the slave server while using syncrepl:
givenName:
sn:
cn:
Any ideas?
Thanks a lot
-- Stelios A
Also my /etc/ldap.conf has:
host 192.168.1.0 192.168.1.1
base dc=com,dc=edu,dc=com
ldap_version 3
binddn uid=authenticate,ou=System,dc=com,dc=edu,dc=com
bindpw {MD5}jikxdsfdfsdfsdfsO5dIXw==
rootbinddn cn=admin,dc=com,dc=edu,dc=com
nss_initgroups_ignoreusers
People keep doing this! bindpw is the unencrypted password.
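As an added example (not from the thread, and not Gavin's or the OpenLDAP project's code): a small shell check for the mistake pointed out above, a hashed value pasted into bindpw, plus a permission check on the file that ends up holding the cleartext bind credential. It runs against a constructed copy of the ldap.conf quoted in the thread, not the poster's real file.

```sh
#!/bin/sh
# nss_ldap sends the bindpw string literally in a simple bind, so a value such
# as "{MD5}..." never matches userPassword on the server and every NSS lookup
# (getent, id) fails even though ldapsearch as cn=admin still works.

# Print the bindpw value from an ldap.conf-style file (first match, empty if absent).
ldap_conf_bindpw() {
    awk 'tolower($1) == "bindpw" { print $2; exit }' "$1"
}

# Exit 0 if bindpw looks like a cleartext credential, 1 if it carries a
# password-scheme prefix such as {MD5} or {SSHA}, 2 if bindpw is missing.
check_bindpw() {
    pw=$(ldap_conf_bindpw "$1")
    [ -n "$pw" ] || { echo "no bindpw in $1"; return 2; }
    case "$pw" in
        \{*\}*) echo "bindpw in $1 is a hashed value; nss_ldap needs the cleartext password"
                return 1 ;;
    esac
    echo "bindpw in $1 looks like a cleartext credential"
    return 0
}

# Exit 0 if the file is not readable by "others", 1 if it is. Any file that
# carries a cleartext bind password (ldap.secret for rootbinddn, or ldap.conf
# itself when bindpw is set there) should fail closed here.
check_perms() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")
    case "$mode" in
        *0) echo "$1 mode $mode: not readable by others"; return 0 ;;
        *)  echo "$1 mode $mode: readable by others, bind credential exposed"; return 1 ;;
    esac
}

# Constructed sample mirroring the thread's /etc/ldap.conf (hypothetical file).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
host 192.168.1.0 192.168.1.1
base dc=com,dc=edu,dc=com
ldap_version 3
binddn uid=authenticate,ou=System,dc=com,dc=edu,dc=com
bindpw {MD5}jikxdsfdfsdfsdfsO5dIXw==
rootbinddn cn=admin,dc=com,dc=edu,dc=com
EOF
if ! check_bindpw "$SAMPLE"; then echo "fix bindpw before retesting NSS"; fi
check_perms "$SAMPLE" || true
```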
Thanks a lot, it is working now.
On 8/21/08, Gavin Henry ghenry@suretecsystems.com wrote:
-- Kind Regards,
Gavin Henry.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
openldap-technical@openldap.org