Hi,
I configured Muti-master replication, everything worked fine till I hashed rootpw to confirm to a hardcoded password in Oracle. I configured OpenLDAP servers to us SALS. This is my configuration.
provider=ldap://xxx.xxx.xxx:389 bindmethod=sasl saslmech=external starttls=yes tls_cert=/etc/pki/tls/certs/slapd.pem tls_key=/etc/pki/tls/private/ldap.pem tls_cacert=/etc/pki/tls/certs/ca-bundle.crt tls_reqcert=demand binddn="cn=ldap,dc=establishment,dc=edu" credentials={SSHA}2vNffW+5hEolqIykgH9tCpxq9jTTVSSu searchbase="dc=establishment,dc=edu" schemachecking=on type=refreshAndPersist retry="60 +"
when I run ldapsearch against servers I get response from both machines.
ldapsearch -H ldap://server.establishment.edu -D "cn=ldap,dc=establishment,dc=edu" -w "PASSWORD" -x -b "dc=establishment ,dc=edu" "(objectclass=*)" uid.
This what I get in the logs:
May 23 09:37:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 ldap_sasl_interactive_bind_s failed (-6) May 23 09:37:01 ldap1 slapd[1559]: do_syncrepl: rid=002 rc -6 retrying May 23 09:37:58 ldap1 slapd[1559]: conn=5220 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" May 23 09:38:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 Warning, ldap_start_tls failed (2) May 23 09:38:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 ldap_sasl_interactive_bind_s failed (-6) May 23 09:38:01 ldap1 slapd[1559]: do_syncrepl: rid=002 rc -6 retrying
Thanks
Darouichi, Aziz wrote:
I configured Muti-master replication, everything worked fine till I hashed rootpw to confirm to a hardcoded password in Oracle. I configured OpenLDAP servers to us SALS. This is my configuration. provider=ldap://xxx.xxx.xxx:389 bindmethod=sasl saslmech=external starttls=yes tls_cert=/etc/pki/tls/certs/slapd.pem tls_key=/etc/pki/tls/private/ldap.pem tls_cacert=/etc/pki/tls/certs/ca-bundle.crt tls_reqcert=demand binddn="cn=ldap,dc=establishment,dc=edu" credentials={SSHA}2vNffW+5hEolqIykgH9tCpxq9jTTVSSu searchbase="dc=establishment,dc=edu" schemachecking=on type=refreshAndPersist retry="60 +"
I don't understand why you use
bindmethod=sasl saslmech=external
and
binddn="cn=ldap,dc=establishment,dc=edu" credentials={SSHA}2vNffW+5hEolqIykgH9tCpxq9jTTVSSu
together.
Anyway you have to provide the clear-text password here since the consumer is a LDAP client.
when I run ldapsearch against servers I get response from both machines. ldapsearch -H ldap://server.establishment.edu -D "cn=ldap,dc=establishment,dc=edu" -w "PASSWORD" -x -b "dc=establishment ,dc=edu" "(objectclass=*)" uid. This what I get in the logs: May 23 09:37:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 ldap_sasl_interactive_bind_s failed (-6) May 23 09:37:01 ldap1 slapd[1559]: do_syncrepl: rid=002 rc -6 retrying May 23 09:37:58 ldap1 slapd[1559]: conn=5220 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" May 23 09:38:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 Warning, ldap_start_tls failed (2) May 23 09:38:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 ldap_sasl_interactive_bind_s failed (-6) May 23 09:38:01 ldap1 slapd[1559]: do_syncrepl: rid=002 rc -6 retrying
This basically means that TLS is not properly configured at the provider.
Ciao, Michael.
If I moved either entries service fails to start.
-----Original Message----- From: Michael Ströder [mailto:michael@stroeder.com] Sent: Monday, May 23, 2011 10:15 AM To: Darouichi, Aziz Cc: openldap-technical@openldap.org Subject: Re: TLS replication/SALS bindmethod
Darouichi, Aziz wrote:
I configured Muti-master replication, everything worked fine till I hashed rootpw to confirm to a hardcoded password in Oracle. I configured OpenLDAP servers to us SALS. This is my configuration. provider=ldap://xxx.xxx.xxx:389 bindmethod=sasl saslmech=external starttls=yes tls_cert=/etc/pki/tls/certs/slapd.pem tls_key=/etc/pki/tls/private/ldap.pem tls_cacert=/etc/pki/tls/certs/ca-bundle.crt tls_reqcert=demand binddn="cn=ldap,dc=establishment,dc=edu" credentials={SSHA}2vNffW+5hEolqIykgH9tCpxq9jTTVSSu searchbase="dc=establishment,dc=edu" schemachecking=on type=refreshAndPersist retry="60 +"
I don't understand why you use
bindmethod=sasl saslmech=external
and
binddn="cn=ldap,dc=establishment,dc=edu" credentials={SSHA}2vNffW+5hEolqIykgH9tCpxq9jTTVSSu
together.
Anyway you have to provide the clear-text password here since the consumer is a LDAP client.
when I run ldapsearch against servers I get response from both machines. ldapsearch -H ldap://server.establishment.edu -D "cn=ldap,dc=establishment,dc=edu" -w "PASSWORD" -x -b "dc=establishment ,dc=edu" "(objectclass=*)" uid. This what I get in the logs: May 23 09:37:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 ldap_sasl_interactive_bind_s failed (-6) May 23 09:37:01 ldap1 slapd[1559]: do_syncrepl: rid=002 rc -6 retrying May 23 09:37:58 ldap1 slapd[1559]: conn=5220 op=0 do_extended: unsupported operation "1.3.6.1.4.1.1466.20037" May 23 09:38:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 Warning, ldap_start_tls failed (2) May 23 09:38:01 ldap1 slapd[1559]: slap_client_connect: URI=ldap://xxx.xxx.edu:389 ldap_sasl_interactive_bind_s failed (-6) May 23 09:38:01 ldap1 slapd[1559]: do_syncrepl: rid=002 rc -6 retrying
This basically means that TLS is not properly configured at the provider.
Ciao, Michael.
openldap-technical@openldap.org