3:41 a.m.
Hi.
How do I change the admin password correctly and not break replication ?
=)
here when setting up replication the password was mentioned
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: 123 And
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=123
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=123
binddn="cn=admin,cn=config"
tls_reqcert=never type=refreshAndPersist
retry="30 +"
timeout=1
tls_reqcert=never type=refreshAndPersist
retry="5 5 300 5"
timeout=1
-
replace: olcMirrorMode
olcMirrorMode: TRUE
3:37 p.m.
--On Thursday, November 19, 2020 11:41 AM +0000 Клеусов
Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Hi.
How do I change the admin password correctly and not break replication ?
=)
here when setting up replication the password was mentioned
It appears you've set up cn=config replication. I would warn that
replicating cn=config in OpenLDAP 2.4 has known issues and is not advised.
Replicating an underlying binary db (such as a back-mdb database) is fine.
In the latter case, best practice is to use a replication specific identity
for doing the replication and not the rootdn.
As far as your overall question goes, you would want to:
a) update the olcRootPW value in cn=config
b) update the olcSyncrepl attribute values with the new password
Something like:
ldapmodify <options>
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: mynewpassword
-
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: ....
olcSyncRepl: ....
I would note that these updates should not affect/break *existing*
replication connections. I.e., there would be no effect until slapd is
restarted.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
2:50 a.m.
Thanks
It was also configured
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=domain,dc=com
-
replace: olcRootDN
olcRootDN: cn=admin,dc=domain,dc=com
-
replace: olcRootPW
olcRootPW: 123
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=123
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=123
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
Plan for changing the replication administrator password when
1) On the same server. For example, ldap1.domain.com<http://ldap1.domain.com>
slappasswd -h {SSHA}
Enter a new password, such as newpass
{SSHA}fx6qbwq5h4mzDAzD+ft5kA+b0uVA+29t
Create a newpasswd.ldif file
cat newpasswd. LDIF file format
dn: olcDatabase={1}hdb,cn=config
olcRootDN: cn=admin,dc=domain,dc=com
olcRootPW: {SSHA}fx6qbwq5h4mzDAzD+ft5kA+b0uVA+29t
To perform
ldapmodify -H ldapi:// -Y EXTERNAL -f newpasswd.ldif
Create a root file.ldif format
dn: olcDatabase={0}config, cn=config
changetype: modify
add: olcRootPW
olcRootPW: newpass
Run
ldapmodify -H ldapi:// -Y EXTERNAL -f root.ldif
Create a repl.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass
binddn="cn=admin,cn=config"
tls_reqcert=never type=refreshAndPersist
retry="30 +"
timeout=1
-
replace: olcMirrorMode
olcMirrorMode: TRUE
ldapmodify -Y EXTERNAL -H ldapi:/// -f repl.ldif
Create file dbrepl.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=domain,dc=com
-
replace: olcRootDN
olcRootDN: cn=admin,dc=domain,dc=com
-
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE
service slapd restart
2) on the second server
,
service slapd restart
Right ?
Sorry for being so detailed...
20 нояб. 2020 г., в 02:37, Quanah Gibson-Mount
<quanah@symas.com<mailto:quanah@symas.com>> написал(а):
--On Thursday, November 19, 2020 11:41 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir@wildberries.ru<mailto:Kleusov.Vladimir@wildberries.ru>>
wrote:
Hi.
How do I change the admin password correctly and not break replication ?
=)
here when setting up replication the password was mentioned
It appears you've set up cn=config replication. I would warn that replicating
cn=config in OpenLDAP 2.4 has known issues and is not advised. Replicating an underlying
binary db (such as a back-mdb database) is fine. In the latter case, best practice is to
use a replication specific identity for doing the replication and not the rootdn.
As far as your overall question goes, you would want to:
a) update the olcRootPW value in cn=config
b) update the olcSyncrepl attribute values with the new password
Something like:
ldapmodify <options>
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: mynewpassword
-
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncRepl: ....
olcSyncRepl: ....
I would note that these updates should not affect/break *existing* replication
connections. I.e., there would be no effect until slapd is restarted.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:35 p.m.
--On Friday, November 20, 2020 10:50 AM +0000 Клеусов
Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Right ?
Sorry for being so detailed...
You should be able to do all of the modifications necessary as two
operations inside a single LDIF file. Additionally, since you previously
set olcMirrorMode to true, there's no need to do it again.
As an aside, I would note that the hdb backend is deprecated and you are
encouraged to migrate to using the MDB backend instead. You've also not
stated what release of OpenLDAP you are using, but I'd strongly advise
using no earlier than 2.4.54. It generally appears you're on RHEL7 based
on the changes you noted. If that's correct, Symas offers free replacement
packages that are up to date at: <https://repo.symas.com/sofl/rhel7/>;. The
LTB project also offers current builds for a variety of platforms at
<https://ltb-project.org/download>;.
Example LDIF file for doing the necessary changes:
cat > /tmp/change.ldif << EOF
dn: olcDatabase={0}config, cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass
binddn="cn=admin,cn=config"
tls_reqcert=never type=refreshAndPersist
retry="30 +"
timeout=1
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
EOF
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
6:08 a.m.
Thanks for the example. I have Debian 9. Changing the example for my values.
ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif
I get an error ldapmodify: wrong attributeType at line 10, entry "
olcDatabase={0}config, cn=config»
If you don't mind please tell me what I'm doing wrong
20 нояб. 2020 г., в 23:35, Quanah Gibson-Mount
<quanah(a)symas.com> написал(а):
--On Friday, November 20, 2020 10:50 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir(a)wildberries.ru> wrote:
> Right ?
> Sorry for being so detailed...
You should be able to do all of the modifications necessary as two operations inside a
single LDIF file. Additionally, since you previously set olcMirrorMode to true,
there's no need to do it again.
As an aside, I would note that the hdb backend is deprecated and you are encouraged to
migrate to using the MDB backend instead. You've also not stated what release of
OpenLDAP you are using, but I'd strongly advise using no earlier than 2.4.54. It
generally appears you're on RHEL7 based on the changes you noted. If that's
correct, Symas offers free replacement packages that are up to date at:
<https://repo.symas.com/sofl/rhel7/>;. The LTB project also offers current builds
for a variety of platforms at <https://ltb-project.org/download>;.
Example LDIF file for doing the necessary changes:
cat > /tmp/change.ldif << EOF
dn: olcDatabase={0}config, cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass
binddn="cn=admin,cn=config"
tls_reqcert=never type=refreshAndPersist
retry="30 +"
timeout=1
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
EOF
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:56 p.m.
--On Thursday, November 26, 2020 2:08 PM +0000 Клеусов
Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Thanks for the example. I have Debian 9. Changing the example for my
values. ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif
I get an error ldapmodify: wrong attributeType at line 10, entry "
olcDatabase={0}config, cn=config»
It looks like there's an extra space in the dn?
" olcDatabase={0}config, cn=config"
Not sure if that's just a typo when pasting.
Also, I would note that if there are trailing spaces, for example if you
have:
"replace: olcSyncrepl "
instead of:
"replace: olcSyncrepl"
You'll get a similar error message.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:08 a.m.
Hi,
Thanks.
I checked the extra spaces. To be honest, I didn't find any extra spaces. Here is the
contents of my file:
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=003
provider=ldaps://ldap3.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,cn=config"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=003
provider=ldaps://ldap3.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
Error ldapmodify: wrong attributeType at line 10, entry
"olcDatabase={0}config,cn=config»
If I understand correctly 10 line
bindmethod=simple
If possible any help
1 дек. 2020 г., в 23:56, Quanah Gibson-Mount <quanah(a)symas.com>
написал(а):
--On Thursday, November 26, 2020 2:08 PM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir(a)wildberries.ru> wrote:
> Thanks for the example. I have Debian 9. Changing the example for my
> values. ldapmodify -Y EXTERNAL -H ldapi:/// -f change.ldif
> I get an error ldapmodify: wrong attributeType at line 10, entry "
> olcDatabase={0}config, cn=config»
It looks like there's an extra space in the dn?
" olcDatabase={0}config, cn=config"
Not sure if that's just a typo when pasting.
Also, I would note that if there are trailing spaces, for example if you have:
"replace: olcSyncrepl "
instead of:
"replace: olcSyncrepl"
You'll get a similar error message.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:11 p.m.
--On Wednesday, December 2, 2020 8:08 AM +0000 Клеусов
Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Hi,
Thanks.
I checked the extra spaces. To be honest, I didn't find any extra spaces.
Here is the contents of my file:
You're missing a newline before the
dn: olcDatabase={1}mdb,cn=config
line. This is necessary to indicate that a new record is being dealt with.
That would also be line 10 of the change modification, so the error is
correct.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:26 a.m.
I added a new line. So the file is like this:
dn: olcDatabase={0}config,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,cn=config"
tls_reqcert=never
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=003
provider=ldaps://ldap3.domain.com
searchbase="cn=config"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,cn=config"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcRootPW
olcRootPW: newpass!
-
replace: olcSyncRepl
olcSyncRepl: rid=001
provider=ldaps://ldap1.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=002
provider=ldaps://ldap2.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
olcSyncRepl: rid=003
provider=ldaps://ldap3.domain.com
searchbase="dc=domain,dc=com"
bindmethod=simple
credentials=newpass!
binddn="cn=admin,dc=domain,dc=com"
tls_reqcert=allow
type=refreshAndPersist
retry="30 +"
timeout=1
Error
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: Error: parse_syncrepl_line: unable to parse syncrepl id
"001provider=ldaps://ldap1.domain.comsearchbase="cn=config"bindmethod=simplecredentials=newpass!binddn="cn=admin,cn=config"tls_reqcert=nevertype=refreshAndPersistretry="30
+Tim
If slapcat -b "cn=config" | egrep rid
olcSyncrepl: {0}rid=001 provider=ldaps://ldap1.domain.com
olcSyncrepl: {1}rid=002 provider=ldaps://ldap2.domain.com
olcSyncrepl: {2}rid=003 provider=ldaps://ldap3.domain.com
olcSyncrepl: {0}rid=001 provider=ldaps://ldap1.domain.com
olcSyncrepl: {1}rid=002 provider=ldaps://ldap2.domain.com
olcSyncrepl: {2}rid=003 provider=ldaps://ldap3.domain.com
Theoretically, why is there a different indent between {0}rid=001 provider=ldap://ldap
1.domain.com<http://1.domain.com> in different lines ?
2 дек. 2020 г., в 23:11, Quanah Gibson-Mount
<quanah@symas.com<mailto:quanah@symas.com>> написал(а):
--On Wednesday, December 2, 2020 8:08 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir@wildberries.ru<mailto:Kleusov.Vladimir@wildberries.ru>>
wrote:
Hi,
Thanks.
I checked the extra spaces. To be honest, I didn't find any extra spaces.
Here is the contents of my file:
You're missing a newline before the
dn: olcDatabase={1}mdb,cn=config
line. This is necessary to indicate that a new record is being dealt with. That would also
be line 10 of the change modification, so the error is correct.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
1:14 p.m.
--On Thursday, December 3, 2020 8:26 AM +0000 Клеусов
Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
I added a new line. So the file is like this:
Your email does not show any new line. I would suggest sending a pastebin
or similar link, since the text appears to being reformatted.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
11:36 p.m.
Here's pastebin
https://pastebin.com/ysM8ezVF
4 дек. 2020 г., в 00:14, Quanah Gibson-Mount
<quanah@symas.com<mailto:quanah@symas.com>> написал(а):
--On Thursday, December 3, 2020 8:26 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir@wildberries.ru<mailto:Kleusov.Vladimir@wildberries.ru>>
wrote:
I added a new line. So the file is like this:
Your email does not show any new line. I would suggest sending a pastebin or similar
link, since the text appears to being reformatted.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
8:38 a.m.
--On Friday, December 4, 2020 7:36 AM +0000 Клеусов Владимир
Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Here's pastebin
https://pastebin.com/ysM8ezVF
You seem to have stripped the leading spaces that mark a line continuation
in LDIF for the olcSyncrepl attr values, which is why you're getting this
error.
See <https://paste.centos.org/view/c3982f6a>
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
12:02 a.m.
If https://pastebin.com/FP8P9ujN
error
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: Error: parse_syncrepl_line: unable to parse syncrepl id
"001provider=ldaps://ldap1.domain.comsearchbase="cn=config"bindmethod=simplecredentials=newpass!binddn="cn=admin,cn=config"tls_reqcert=nevertype=refreshAndPersistretry="30
+tim
4 дек. 2020 г., в 19:38, Quanah Gibson-Mount
<quanah@symas.com<mailto:quanah@symas.com>> написал(а):
--On Friday, December 4, 2020 7:36 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir@wildberries.ru<mailto:Kleusov.Vladimir@wildberries.ru>>
wrote:
Here's pastebin
https://pastebin.com/ysM8ezVF
You seem to have stripped the leading spaces that mark a line continuation in LDIF for the
olcSyncrepl attr values, which is why you're getting this error.
See <https://paste.centos.org/view/c3982f6a>
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
7:58 a.m.
--On Monday, December 7, 2020 8:02 AM +0000 Клеусов Владимир
Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
I strongly advise reading up on LDIF format. You clearly have only a
single space, when 2 spaces is required here.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
2:27 a.m.
Thanks.
Final version
https://pastebin.com/sKE4EL2U
I applied and then rebooted all the ldap servers
But now I can use two admin passwords (old and new) Can I only make one password ?
I check it like this
ldapsearch -W -H ldaps://ldap1.domain.com:636 -x -D "cn=admin,dc=domain,dc=com"
-b «dc=domain,dc=com" -s sub "(cn=*)"
7 дек. 2020 г., в 18:58, Quanah Gibson-Mount <quanah(a)symas.com>
написал(а):
--On Monday, December 7, 2020 8:02 AM +0000 Клеусов Владимир Сергеевич
<Kleusov.Vladimir(a)wildberries.ru> wrote:
>
> If https://pastebin.com/FP8P9ujN
I strongly advise reading up on LDIF format. You clearly have only a single space, when
2 spaces is required here.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
8:22 a.m.
--On Wednesday, December 9, 2020 10:27 AM +0000 Клеусов
Владимир Сергеевич <Kleusov.Vladimir(a)wildberries.ru> wrote:
Thanks.
Final version
https://pastebin.com/sKE4EL2U
I applied and then rebooted all the ldap servers
There should be no reason to reboot. If you wanted to force close existing
replication connections, simply restart slapd.
But now I can use two admin passwords (old and new) Can I only make
one
password ? I check it like this
ldapsearch -W -H ldaps://ldap1.domain.com:636 -x -D
"cn=admin,dc=domain,dc=com" -b «dc=domain,dc=com" -s sub
"(cn=*)"
This would indicate that in addition to the rootdn being defined in the
slapd configuration, you also have an entry for it in the database. You'll
need to update the password for the entry in the database as well. I would
suggest using the ldappasswd client utility for that.
Regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
903
days inactive
923
days old
openldap-technical@openldap.org
15 comments
3 participants
participants (3)
-
Quanah Gibson-Mount -
Клеусов Владимир Сергее вич -
Клеусов Владимир Сергеевич