Thanks Howard

I updated my config files according to the 2.3 Documentation but I still
have the same problem. Slapd starts without error on both the master and the
slave but when it runs syncrepl it complains about the sasl interactive bind
that fails:

Here is my new master slapd.conf:
++++++++++++++++++++++++++++++++++++++++++

loglevel 256
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=tbiraq,dc=com"
rootdn "cn=Administrator,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


#Entries for replication using sync-repl


overlay syncprov
        syncprov-checkpoint 100 10
        syncprov-sessionlog 100
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

And the slave slapd.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

loglevel 256
TLSCertificateFile /etc/openldap/servercert.pem
TLSCACertificateFile /etc/openldap/cacert.pem
TLSCertificateKeyFile /etc/openldap/serverkey.pem
database bdb
suffix "dc=tbiraq,dc=com"
rootdn "cn=replica,dc=mydomain,dc=com"
rootpw "{ssha}mypassword"
directory /var/lib/ldap/
checkpoint 1024 5
cachesize 10000
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres


#Entries for replication using sync-repl

 syncrepl rid=123
                provider=ldap://ldap1.tbiraq.com
                type=refreshAndPersist
                #interval=01:00:00:00
                searchbase="dc=mydomain,dc=com"
                filter="(objectClass=organizationalPerson)"
                scope=sub
                attrs="cn,sn,ou,telephoneNumber,title,l"
                schemachecking=off
                #updatedn="cn=replica,dc=mydomain,dc=com"
                bindmethod=sasl
                #saslmech=digest-md5
                binddn="cn=Administrator,dc=mydomain,dc=com"
                credentials="{ssha}mypassword"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++


This is the /var/log/messages on the master:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 fd=16 ACCEPT from IP=192.168.2.246:14230 (IP=0.0.0.0:389)
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=0 SRCH attr=supportedSASLMechanisms
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 op=1 UNBIND
Nov 16 05:56:50 ldap1 slapd[22629]: conn=8 fd=16 closed

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

And /var/log/messages on the slave:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Nov 15 14:22:29 ldap2 slapd[10667]: slapd starting
Nov 15 14:22:29 ldap2 slapd[10667]: do_syncrep1: ldap_sasl_interactive_bind_s failed (16)

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


So even with the updated syntax, it seems that my problem has to do with
sasl?

Thanks in advance

Lawrence

On 14/11/2007, Howard Chu <[EMAIL PROTECTED]> wrote:
>
> Lawrence Strydom wrote:
> > Hi List,
> >
> > I need to configure a master and slave ldap server with replication. I
> > am running openSUSE10.2 and openldap2-2.3.27-25. Initially I was using
> > slurpd but syncrepl was recommended to me as being more agreeable with
> > my ldap version.
> >
> > I configured my master and slave according to the instructions from the
> > openldap web site:
> > http://www.openldap.org/doc/admin22/syncrepl.html
>
> You're reading the OpenLDAP 2.2 Admin Guide but you're running OpenLDAP 2.3.
> You really need to use the documentation that matches the version of software
> you're using.
>
> The configurations you have here are invalid.
>
> > Here is the slave slapd.conf:
>
> > And here is my master slapd.conf
>
>
> --
>    -- Howard Chu
>    Chief Architect, Symas Corp.  http://www.symas.com
>    Director, Highland Sun        http://highlandsun.com/hyc/
>    Chief Architect, OpenLDAP     http://www.openldap.org/project/
>
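
Added example, not part of the original thread: a small Python check over the consumer syncrepl stanza posted above. LDAP result code 16 is noSuchAttribute, and the master log shows only a root DSE search for supportedSASLMechanisms followed by UNBIND, so the check looks at how the stanza sets up the bind. The function names and finding codes are hypothetical, and the sample config is condensed from the post.

```python
import re
import shlex

# Sample input: consumer stanza condensed from the slapd.conf posted above.
SLAVE_CONF = '''\
suffix "dc=tbiraq,dc=com"
syncrepl rid=123
        provider=ldap://ldap1.tbiraq.com
        searchbase="dc=mydomain,dc=com"
        bindmethod=sasl
        #saslmech=digest-md5
        binddn="cn=Administrator,dc=mydomain,dc=com"
        credentials="{ssha}mypassword"
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace); skip blanks and column-0 comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def norm(dn):
    """Lower-case a DN and drop spaces around commas (enough for this comparison)."""
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def lint_syncrepl(text):
    """Return hypothetical finding codes for the syncrepl stanza in text."""
    suffix, opts = None, {}
    for words in map(shlex.split, logical_lines(text)):
        if words[0] == "suffix":
            suffix = norm(words[1])
        elif words[0] == "syncrepl":
            # Assumption: '#'-prefixed tokens are options the admin meant to disable.
            opts = dict(w.split("=", 1) for w in words[1:] if "=" in w and w[0] != "#")
    findings = []
    if opts.get("bindmethod") == "sasl" and "saslmech" not in opts:
        findings.append("SASL_NO_MECH")        # mechanism must come from the root DSE
    if re.match(r"\{[A-Za-z0-9-]+\}", opts.get("credentials", "")):
        findings.append("HASHED_CREDENTIALS")  # string is sent literally as the password
    base = norm(opts.get("searchbase", ""))
    if suffix and base and base != suffix and not base.endswith("," + suffix):
        findings.append("SEARCHBASE_OUTSIDE_SUFFIX")  # entries fall outside the local database
    return findings
```

Calling `lint_syncrepl(SLAVE_CONF)` returns all three codes for the posted stanza.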