On Mon, Jun 7, 2010 at 6:09 PM, Buchan Milne <[email protected]> wrote:

> On Monday, 7 June 2010 07:10:00 owen nirvana wrote:
> > my env is Debian squeeze, OpenLDAP 2.4.17( from packages.debian.org)
> > I create an OpenLDAP Server, and try to config N-Way multi-master,
> > according to OpenLDAP Admin Guide.
> > i adding init.ldif file on the server , the following is the content
> >
> > dn: cn=config
> > objectClass: olcGlobal
> > cn: config
> > olcServerID: 1
> >
> > dn: olcDatabase={0}config,cn=config
> > objectClass: olcDatabaseConfig
> > olcDatabase: {0}config
> > olcRootPW: secret
> >
> > and I get error --- "insufficient access" , even if I set "acess to * by * write" in slapd.conf
>

I know that. I want to give binddn an enough privilege
my binddn is rootdn, "cn=admin,dc=example,dc=org"

ldapadd -c -D "cn=admin,dc=example,dc=org" -x -w ${rootpw} -f init.ldif

I think, the content about n-way configuration in guide is a howto, but ${passwd} should be replaced by mine

> One of slapd.conf or this ldif is irrelevant. Only one of them can apply at a
> time. Please be careful to check how your slapd is being started (e.g. whether
> -f or -F flags are passed or not etc.).
>
> > actually, I don't understand what the guide said.
>
> Maybe you need to read the guide more ...
>
> Also, note that it is not a "HOWTO", but documents how various aspects work,
> not necessarily just copy-and-paste examples to use without thinking ...
>
> > '''''''''''''
> >
> > This sets up the config database:
> >
> > dn: cn=config
> > objectClass: olcGlobal
> > cn: config
> > olcServerID: 1
> >
> > dn: olcDatabase={0}config,cn=config
> > objectClass: olcDatabaseConfig
> > olcDatabase: {0}config
> > olcRootPW: secret
> >
> > ''''''''''''''''''''''''''''
> > the above configuration block could not be import in my computer, it is
> > said at the begin.
> >
> > ''''''''''''''''''''''''''''
> >
> > Now we setup the first Master Node (replace $URI1, $URI2 and $URI3 etc.
> > with your actual ldap urls):
> >
> > dn: cn=config
> > changetype: modify
> > replace: olcServerID
> > olcServerID: 1 $URI1
> > olcServerID: 2 $URI2
> > olcServerID: 3 $URI3
> >
> > dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config
> > changetype: add
> > objectClass: olcOverlayConfig
> > objectClass: olcSyncProvConfig
> > olcOverlay: syncprov
> >
> > dn: olcDatabase={0}config,cn=config
> > changetype: modify
> > add: olcSyncRepl
> > olcSyncRepl: rid=001 provider=$URI1 binddn="cn=config"
> >   bindmethod=simple credentials=secret searchbase="cn=config"
> >   type=refreshAndPersist retry="5 5 300 5" timeout=1
> > olcSyncRepl: rid=002 provider=$URI2 binddn="cn=config"
> >   bindmethod=simple credentials=secret searchbase="cn=config"
> >   type=refreshAndPersist retry="5 5 300 5" timeout=1
> > olcSyncRepl: rid=003 provider=$URI3 binddn="cn=config"
> >   bindmethod=simple credentials=secret searchbase="cn=config"
> >   type=refreshAndPersist retry="5 5 300 5" timeout=1
> > -
> > add: olcMirrorMode
> > olcMirrorMode: TRUE
> >
> > ''''''''''''''''''''''''''''
>
> Which DN did you bind as when trying to apply this LDIF? E.g., can you supply
> the ldapmodify commandline you used?
>
> Note that according to your back-config extract above, you should have bound as
> cn=config, but you need to check whether you are using slapd.conf or back-config
> for configuration.
>
> > the configuration block seems conflict with the former, why should I write
> > "olcServerID: 1 $URI1" into LDAP Server if "olcServerID: 1" is right, and
> > why should I not write an entire configuration, but two configuration file
> > which seems conflict separately.
>
> If you are doing configuration replication, the different servers need to be
> able to identify which server ID belongs to them. The means for doing this is
> providing the URL, which the server will try and match to one of its
> listening addresses (e.g. -h option to slapd).
>
> > I have set up an unlimit privilege, why LDAP Server report "insufficient
> > access". what privilege should be set.
>
> Probably with good reason, which we can't determine without answers to the
> questions above.
>
> Regards,
> Buchan
>

actually, I do dispatch the different serverID to every machine, but

dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1 $URI1
olcServerID: 2 $URI2
olcServerID: 3 $URI3

dn: cn=config
objectClass: olcGlobal
cn: config
olcServerID: 1

in my opinion, the two blocks is two different entry, why to replace by the former after writing the latter into LDAP Server.
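The server-ID matching described in the quoted reply, as an added example that is not part of the original thread and is not slapd's own code: a simplified Python model showing how the same replicated list of `olcServerID: <id> <URL>` values resolves to a different ID on each node once it is compared with that node's listener URLs. The hostnames are constructed, and the matching rule (case-insensitive scheme and host, default ports 389/636, rejecting a bare ID mixed with URL-qualified ones) is an assumption made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample: the value list every node receives via cn=config replication.
SERVER_IDS = [
    "1 ldap://ldap1.example.org",
    "2 ldap://ldap2.example.org",
    "3 ldap://ldap3.example.org",
]

def normalize(url):
    """Reduce an ldap:// or ldaps:// URL to (scheme, host, port)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme in {url!r}")
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS[scheme]

def parse_server_ids(values):
    """Split each olcServerID value into (id, url); url is None for the bare form."""
    pairs = []
    for value in values:
        fields = value.split(None, 1)
        url = fields[1].strip() if len(fields) > 1 else None
        pairs.append((int(fields[0]), url))
    return pairs

def select_server_id(values, listener_urls):
    """Return the ID this node would use, or None if no listener URL matches."""
    pairs = parse_server_ids(values)
    if any(url is None for _, url in pairs):
        # The bare form ("olcServerID: 1") carries no URL, so it cannot tell
        # nodes apart; it only makes sense as the single value on one server.
        if len(pairs) != 1:
            raise ValueError("bare olcServerID mixed with URL-qualified values")
        return pairs[0][0]
    listeners = {normalize(u) for u in listener_urls}
    matches = [sid for sid, url in pairs if normalize(url) in listeners]
    return matches[0] if len(matches) == 1 else None

if __name__ == "__main__":
    # Each node is started with its own listener URL (slapd -h).
    for listener in ("ldap://ldap1.example.org:389/", "ldap://ldap3.example.org/"):
        print(listener, "->", select_server_id(SERVER_IDS, [listener]))
```

In this model the bare `olcServerID: 1` bootstraps a single server, while the URL-qualified list is what can be replicated unchanged to every node.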
