My env is Debian squeeze, OpenLDAP 2.4.17 (from packages.debian.org).
I created an OpenLDAP server and am trying to configure N-Way multi-master, according
to the OpenLDAP Admin Guide.
I am adding an init.ldif file on the server; the following is the content:

dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

and I get the error "insufficient access", even if I set "access to * by *
write" in slapd.conf.

Actually, I don't understand what the guide says.

'''''''''''''

This sets up the config database:

     dn: cn=config
     objectClass: olcGlobal
     cn: config
     olcServerID: 1

     dn: olcDatabase={0}config,cn=config
     objectClass: olcDatabaseConfig
     olcDatabase: {0}config
     olcRootPW: secret

''''''''''''''''''''''''''''
The above configuration block could not be imported on my computer, as I said
at the beginning.

''''''''''''''''''''''''''''

Now we setup the first Master Node (replace $URI1, $URI2 and $URI3 etc. with
your actual ldap urls):

     dn: cn=config
     changetype: modify
     replace: olcServerID
     olcServerID: 1 $URI1
     olcServerID: 2 $URI2
     olcServerID: 3 $URI3

     dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
     changetype: add
     objectClass: olcOverlayConfig
     objectClass: olcSyncProvConfig
     olcOverlay: syncprov

     dn: olcDatabase={0}config,cn=config
     changetype: modify
     add: olcSyncRepl
     olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config" bindmethod=simple
       credentials=secret searchbase="cn=config" type=refreshAndPersist
       retry="5 5 300 5" timeout=1
     olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config" bindmethod=simple
       credentials=secret searchbase="cn=config" type=refreshAndPersist
       retry="5 5 300 5" timeout=1
     olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config" bindmethod=simple
       credentials=secret searchbase="cn=config" type=refreshAndPersist
       retry="5 5 300 5" timeout=1
     -
     add: olcMirrorMode
     olcMirrorMode: TRUE

''''''''''''''''''''''''''''

This configuration block seems to conflict with the former one. Why should I write
"olcServerID: 1 $URI1" into the LDAP server if "olcServerID: 1" is right, and
why should I not write one entire configuration, but rather two separate configuration
files which seem to conflict?

I have set up unlimited privileges, so why does the LDAP server report "insufficient
access"? What privileges should be set?


thanks for help

gtalk:[email protected] <gtalk%[email protected]>
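
The LDIF quoted in this message stores olcRootPW in cleartext and has each syncrepl entry bind with bindmethod=simple. The following is an added example, not part of the original post or the Admin Guide: it unfolds LDIF continuation lines and reports those two conditions. The sample input, its hostnames and the finding names are constructed for illustration.

```python
import base64
import re
import shlex

# Constructed sample modeled on the LDIF in the post; hostnames are placeholders.
SAMPLE_LDIF = """\
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcRootPW: secret

dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://ldap1.example.com binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
olcSyncRepl: rid=002 provider=ldaps://ldap2.example.com binddn="cn=config"
  bindmethod=simple credentials=secret searchbase="cn=config"
  type=refreshAndPersist retry="5 5 300 5" timeout=1
"""

SCHEME = re.compile(r"^\{[A-Za-z0-9_-]+\}")  # hashed values start like {SSHA}

def unfold(ldif):
    """Join LDIF continuation lines (newline followed by a single space)."""
    return re.sub(r"\r?\n ", "", ldif)

def parse_syncrepl(value):
    """Turn a syncrepl value into a dict, honouring double-quoted values."""
    return dict(t.split("=", 1) for t in shlex.split(value) if "=" in t)

def audit(ldif):
    """Return (finding, subject) tuples: cleartext rootpw, simple bind without TLS."""
    findings = []
    for line in unfold(ldif).splitlines():
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        value = value.strip()
        if value.startswith(":"):  # "attr:: <base64>" encoding
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        if attr.lower() == "olcrootpw" and not SCHEME.match(value):
            findings.append(("cleartext-rootpw", attr))
        elif attr.lower() == "olcsyncrepl":
            kv = parse_syncrepl(value)
            tls = kv.get("provider", "").lower().startswith("ldaps://") or "starttls" in kv
            if kv.get("bindmethod") == "simple" and not tls:
                findings.append(("simple-bind-no-tls", kv.get("rid")))
    return findings
```

A value produced by slappasswd (for example one starting with {SSHA}) passes the rootpw check, and a syncrepl entry passes when its provider is ldaps:// or it sets starttls.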
