the question was not what binddn or password you are using for master/slave, the question is ... is this binddn ... "ldap manager account" (at the master end) the rootdn of your slave server?
do you have the line rootdn "cn=Manager,dc=my,dc=local" in your slave slapd.conf file if this is the case, please refer to http://www.openldap.org/doc/admin23/replication.html section 14.4.1. Set up the master slapd also, Buchan 's message explained everything. Regards, Ran -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Halfpenny Sent: Thursday, November 10, 2005 10:44 AM To: [email protected] Subject: RE: replication security hi ran, i'm using the ldap manager account for replication at the master end, shouldn't i be doing that? the passwords are the same at both ends for that account... replica host=slave.my.local:389 binddn="cn=Manager,dc=my,dc=local" --- On Wed 11/09, Ran Li < [EMAIL PROTECTED] > wrote: From: Ran Li [mailto: [EMAIL PROTECTED] To: [EMAIL PROTECTED], [email protected] Date: Wed, 9 Nov 2005 16:12:13 -0500 Subject: RE: replication security just a thought, the problem you could not update could be you use the<br>rootdn of slave as updatedn.<br><br><br>-----Original Message-----<br>From: [EMAIL PROTECTED]<br>[mailto:owner-openldap-software@ OpenLDAP.org] On Behalf Of John<br>Halfpenny<br>Sent: Wednesday, November 09, 2005 7:05 AM<br>To: [email protected]<br>Subject: replication security<br><br><br><br>hi everybody,<br><br>i have a couple of small questions regarding my openldap replication<br>setup, if anyone knows the answers i would appreciate it enormously :-)<br><br>if i run with a cleartext password for the updatedn, and turn off<br>readonly on the slave, all works well, i.e.<br><br>master-<br><br>replica host=master.my.local:389 binddn="cn=Manager,dc=my,dc=local"<br> bindmethod=simple credentials=mypass<br> syncrepl<br><br>slave-<br><br>updatedn "cn=Manager,dc=my,dc=local"<br> referral ldap://master.my.local<br><br>but i have read that the slave should really be readonly, ye! t when i add<br><br> readonly on<br><br>to the slave configuration, it won't allow me to update!<br><br>my other query regards the {SSHA} password option used by the master to<br>bind to the slave, as i can't get this going either. i.e.<br><br>master-<br><br> bindmethod=simple credentials={SSHA}dfsEWF4fw4wrqdsFSD<br><br>does this hashed manager password need to be generated on the slave or<br>the master? or should either suffice?<br><br>thank you very much in advance for any guidance!<br><br>john<br><br>___________________________________________ ____<br>Join Excite! - http://www.excite.com<br>The most personalized portal on the Web!<br> _______________________________________________ Join Excite! - http://www.excite.com The most personalized portal on the Web!
