Re: [linux] OpenLDAP syncrepl

Mon, 15 Oct 2007 01:18:11 -0700 

Salut Arnaud,

Le 14/10/07, Jean Dumont <[EMAIL PROTECTED]> a écrit :
>
>
> Le vendredi 05 octobre 2007 à 16:39 +0200, Arnaud Vandyck a écrit :
> > Bonjour à tous,
> >
> > J'essaye de faire un replica ldap mais ça ne va pas!
> >
> > J'ai suivi la doc sur openldap, côté master, j'ai ajouté:
> > replogfile      /var/lib/ldap/replog
> > sessionlog 1 500
> > syncprov-chekpoint 1 10
> > syncprov-sessionlog 1
> >
> > Côté replicat:
> > syncrepl rid=1
> >   provider=ldap://master:389
> >   type=refreshOnly
> >   interval=00:01:00:00
> >   searchbase="dc=ressource-toi,dc=org"
> >   scope=sub
> >   schemachecking=off
> >   updatedn="cn=replica,dc=ressource-toi,org"
> >   bindmethod=simple
> >   binddn="cn=admin,dc=ressource-toi,dc=org"
>
> ici sur le slave il faut un updatedn qui corresponde au binddn et pas
> deux DN différents.


Apparement non,

<sample>

        syncrepl rid=123
                provider=ldap://provider.example.com:389
                type=refreshOnly
                interval=01:00:00:00
                searchbase="dc=example,dc=com"
                filter="(objectClass=organizationalPerson)"
                scope=sub
                attrs="cn,sn,ou,telephoneNumber,title,l"
                schemachecking=off
                updatedn="cn=replica,dc=example,dc=com"
                bindmethod=simple
                binddn="cn=syncuser,dc=example,dc=com"
                credentials=secret

In this example, the consumer will connect to the provider slapd at port 389
of ldap://provider.example.com to perform a polling (*refreshOnly*) mode of
synchronization once a day. It will bind as
cn=syncuser,dc=example,dc=comusing simple authentication with password
"secret". Note that the access
control privilege of cn=syncuser,dc=example,dc=com should be set
appropriately in the provider to retrieve the desired replication content.
The consumer will write to its database with the privilege of the
cn=replica,dc=example,dc=com entry as specified in the updatedn= directive.
The updatedn entry should have write permission to the replica content.
</sample>

Xavier

_______________________________________________________
Linux Mailing List - http://www.unixtech.be
Subscribe/Unsubscribe: http://lists.unixtech.be/cgi-bin/mailman/listinfo/linux
Archives: http://www.mail-archive.com/[email protected]
IRC: chat.unixtech.be:6667 - #unixtech
NNTP: news.gname.org - gmane.org.user-groups.linux.unixtech

Répondre à