On 4/5/07, Jools <[EMAIL PROTECTED]> wrote:
Hi All,I'm half way through implementing and LDAP Master/Slave setup and have ground to a halt on replication. I have LDAP working fine on the master and Samba works fine with it but I can't get the slurpd to push changes to the slave. When I try I get the following: Apr 5 15:15:37 smb7 slapd[5578]: fd=16 DENIED from unknown (172.20.0.105) I have the following in slapd.conf on the master: replica host=172.20.0.107:389 binddn="cn=Replicator,dc=People,dc=bordengrammar,dc=kent,dc=sch,dc=uk" bindmethod=simple credentials=??????????? (omitted for obvious reasons) and this on the slave: # Replicas running syncrepl as non-rootdn "cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk" limits group="cn=Replicator,dc=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk" size=unlimited time=unlimited # ACL ensuring replicator has write access access to * by group="cn=Replicator,ou=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk" write by * read # Replica configuration (if this server is a slave) updatedn "cn=Replicator,dc=People,dc=bordengrammar,dc=kent,dc=sch,dc=uk" updateref "ldap://172.20.0.105";
Your updatedn doesn't match your ACL. Can you try some stuff with cn=Replicator,ou=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk directly with ldapmodify first? And then change the updatedn or acl accordingly. Maybe you should try using access to * by dn.exact="" write instead of group="". Also:
# Replicas running syncrepl as non-rootdn "cn=Administrator,dc=bordengrammar,dc=kent,dc=sch,dc=uk" limits group="cn=Replicator,dc=Group,dc=bordengrammar,dc=kent,dc=sch,dc=uk" size=unlimited time=unlimited
You're not using syncrepl (at least, you seem to want to use slurpd), so that's a little confusing. And I'm also not sure if this 'limits' is going to work for the same reasons I'm not sure about the acl. fyi- slurpd is getting deprecated in 2.5 or something. _Matt
