I increased the logging and found this upon starting up the provider:

=> bdb_search
bdb_dn2entry("cn=accesslog")
=> access_allowed: search access to "cn=accesslog" "entry" requested
<= root access granted
=> access_allowed: search access granted by manage(=mwrscxd)
search_candidates: base="cn=accesslog" (0x00000001) scope=1
=> bdb_dn2idl("cn=accesslog")
bdb_idl_fetch_key: %cn=accesslog
<= bdb_dn2idl: get failed: DB_NOTFOUND: No matching key/data pair found (-30988)
bdb_search_candidates: failed (rc=-30988)
bdb_search: no candidates

I realised that I hadn’t created a cn=accesslog.

I’ve done that now with an ldif file, results of an ldapsearch on that entry below, but still get the same error.

ldapsearch -x -b dc=city,dc=ac,dc=uk cn=accesslog
version: 1
dn: cn=accesslog,dc=city,dc=ac,dc=uk
objectClass: auditContainer
cn: accesslog

Is there something more I need to do for the cn=accesslog to work?

From: Gocher, Mark [mailto:mark.goche...@city.ac.uk]
Sent: 01 June 2010 09:51
To: openldap-technical@openldap.org
Subject: Syncrepl - ldap_bind: Invalid credentials error

I’m receiving the following error on my consumer, using logging -d stats + args + trace + sync 2> /var/log/ldap

@(#) $OpenLDAP: slapd 2.4.22 (May 21 2010 12:10:42) $
        @cambridge:/usr/local/openldap-2.4.22/servers/slapd
slapd starting
slap_client_connect: URI=ldap://oxford.unix1.city.ac.uk:389 DN="cn=replicator,dc=city,dc=ac,dc=uk" ldap_sasl_bind_s failed (49)

I can see from the documentation that my consumer is not authenticating to my 
provider, but I can’t see what the error is. If any other info would help 
please let me know.

I have created the uid for replicator and repeated this search with the ‘access 
to attrs=userPassword’ line commented out on the provider to ensure that the 
userPassword for replicator is clear text ‘secret’. I can also perform this 
search from the consumer successfully.

ldapsearch -x -b dc=city,dc=ac,dc=uk uid=replicator
version: 1
dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
objectClass: person
objectClass: posixAccount
objectClass: inetOrgPerson
sn: replicator
cn: replicator
uid: replicator
uidNumber: 22258
gidNumber: 22258
homeDirectory: /export/home/replicator
userPassword: secret
displayName: replicator
mail: None
labeledURI: None
description: openLDAP replication id


Consumer ldap.conf:

database        bdb
suffix          "dc=city,dc=ac,dc=uk"
rootdn          "cn=DSAmgr,dc=city,dc=ac,dc=uk"
rootpw         {CRYPT}*******
directory       /var/opt/csw/openldap-data
index   default         pres,eq,sub
index   objectClass     eq
index   cn
index   sn
index   uid
access to attrs=userPassword
        by anonymous auth
        by * none

access to * by * read
index entryUUID eq
syncrepl  rid=0
               provider=ldap://oxford.unix1.city.ac.uk:389
               bindmethod=simple
               binddn="cn=replicator,dc=city,dc=ac,dc=uk"
               credentials=secret
               searchbase="dc=city,dc=ac,dc=uk"
               logbase="cn=accesslog"
               logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
               schemachecking=on
               type=refreshAndPersist
               retry="60 +"
               syncdata=accesslog
updateref               ldap://oxford.unix1.city.ac.uk
database monitor

Provider ldap.conf:
database        bdb
suffix          "dc=city,dc=ac,dc=uk"
rootdn          "cn=DSAmgr,dc=city,dc=ac,dc=uk"
rootpw         {CRYPT}aZmvWMwFgg.vk

directory       /var/opt/csw/openldap-data
index   default         pres,eq,sub
index   objectClass     eq
index   cn
index   sn
index   uid
access to *
        by dn.base="cn=replicator,dc=city,dc=ac,dc=uk" read
        by * break

access to attrs=userPassword
       by anonymous auth
       by * none

access to *
        by * read

modulepath /usr/local/openldap-2.4.22
moduleload back_bdb.la
moduleload accesslog.la
moduleload syncprov.la
database bdb
suffix cn=accesslog
directory /var/opt/csw/accesslog
rootdn cn=accesslog
index default eq
index objectClass,reqEnd,reqResult,reqStart

overlay syncprov
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
#     database bdb
#     suffix "dc=dc=city,dc=ac,dc=uk"
#     rootdn "cn=DSAmgr,dc=city,dc=ac,dc=uk"
index entryCSN eq
index entryUUID eq
overlay syncprov
syncprov-checkpoint 1000 60
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logpurge 99+00:00 00+00:01

# Let the replica DN have limitless searches
limits dn.exact="cn=replicator,dc=city,dc=ac,dc=uk" time.soft=unlimited time.hard=unlimited size.soft=unlimited size.hard=unlimited
database monitor
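An added offline check, not code from the thread or from OpenLDAP: it parses the consumer's syncrepl directive (including slapd.conf continuation lines) and the provider's ldapsearch LDIF output, and reports when the configured binddn is not the DN of any entry on the provider, which is the first thing to verify when a simple bind is rejected with result 49 (invalidCredentials). The sample configuration and LDIF below are constructed from the values quoted in the thread, where the consumer binds as cn=replicator,dc=city,dc=ac,dc=uk while the entry returned by ldapsearch is uid=replicator,ou=users,dc=city,dc=ac,dc=uk.

```python
import re

# Constructed from the consumer config quoted in the thread; syncrepl keeps its
# options on indented continuation lines, as slapd.conf allows.
CONSUMER_CONF = """\
syncrepl  rid=0
               provider=ldap://oxford.unix1.city.ac.uk:389
               bindmethod=simple
               binddn="cn=replicator,dc=city,dc=ac,dc=uk"
               credentials=secret
               searchbase="dc=city,dc=ac,dc=uk"
               logbase="cn=accesslog"
               logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
               syncdata=accesslog
"""

# Constructed from the ldapsearch output for uid=replicator quoted in the thread.
PROVIDER_LDIF = """\
dn: uid=replicator,ou=users,dc=city,dc=ac,dc=uk
uid: replicator
userPassword: secret
"""

def parse_syncrepl(conf: str) -> dict:
    """Join continuation lines, then split the syncrepl directive into option=value pairs."""
    joined = re.sub(r"\n[ \t]+", " ", conf)  # a line starting with whitespace continues the previous one
    for line in joined.splitlines():
        if line.startswith("syncrepl"):
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)  # quoted values may contain spaces or '='
            return {key: value.strip('"') for key, value in pairs}
    return {}

def ldif_dns(ldif: str) -> list:
    """Return the DN of every entry in an LDIF text (plain 'dn:' lines only)."""
    return [line[4:].strip() for line in ldif.splitlines() if line.lower().startswith("dn: ")]

def normalize_dn(dn: str) -> str:
    """Trim and lower-case each RDN; a rough stand-in for caseIgnore DN matching."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_bind_identity(conf: str, ldif: str) -> list:
    """List reasons the consumer's simple bind would be rejected with result 49 (invalidCredentials)."""
    cfg = parse_syncrepl(conf)
    problems = []
    if cfg.get("bindmethod") == "simple" and not cfg.get("credentials"):
        problems.append("bindmethod=simple but no credentials configured")
    known = {normalize_dn(dn) for dn in ldif_dns(ldif)}
    if normalize_dn(cfg.get("binddn", "")) not in known:
        problems.append(f"binddn {cfg.get('binddn')!r} is not the DN of any entry on the provider")
    return problems
```

Run the same check against the provider's real ldapsearch output before starting the consumer; a binddn that the provider cannot resolve fails the bind regardless of what the userPassword ACL allows.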