Hello, I would say, try to understand the meaning of what you do. The OpenLDAP admin guide is a good place to start.

- For instance, on the slave, you bind to the master with dn uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp and password secretofreplicator. Does this object exist *on the master*? With the right password? Does this account have the right ACL to read everything on the master (i.e., on the master, the ACL is defined for cn=replicator,... which is not the same as uid=replicator,...)?
- Also, why would you use the replicator dn as the rootdn for the slave?

One last thing: I advise you to change the password of both the master and the slave. Posting the file with the hashed password of the root dn on the internet is not a good idea :-)

Good luck

2014-11-19 11:38 GMT+04:00 wailok tam <[email protected]>:
> Hi, I am new to LDAP. I am following the book "Mastering OpenLDAP" to set up replication,
> but I am getting the error given in the title when I start the slave with "slapd -d sync". Replication does not work.
>
> ******************************************************************************************************
>
> slapd.conf of the Master:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
>
> #modulepath /usr/lib/openldap
> #moduleload syncprov.la
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #sasl-realm ier.hit-u.ac.jp
> #sasl-host localhost
> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secret
> #password-hash {MD5}
> directory /var/lib/ldap
>
> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
> overlay syncprov
> syncprov-checkpoint 50 10
> syncprov-sessionlog 100
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
>
> access to attrs=userPassword
>     by self write
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by anonymous auth
>     by * none
>
>
>
> access to attrs=SambaLMPassword,SambaNTPassword
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by self read
>     by anonymous auth
>     by * none
>
> access to *
>     by self write
>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>     by * read
>
>
> *****************************************************************************************************
>
> slapd.conf of the slave:
>
> include /etc/openldap/schema/core.schema
> include /etc/openldap/schema/cosine.schema
> include /etc/openldap/schema/inetorgperson.schema
> include /etc/openldap/schema/nis.schema
> include /etc/openldap/schema/samba.schema
>
> # Allow LDAPv2 client connections. This is NOT the default.
> allow bind_v2
>
> # Do not enable referrals until AFTER you have a working directory
> # service AND an understanding of referrals.
> #referral ldap://root.openldap.org
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> database bdb
> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
> rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
> rootpw secretofreplicator
> #password-hash {MD5}
> directory /var/lib/ldap
> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>
>
> # Replicas of this database
> #updatedn cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
> #updateref uri=ldap://192.168.84.22
>
> # Indices to maintain for this database
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index uidNumber,gidNumber,loginShell eq,pres
> index uid,memberUid eq,pres,sub
> index nisMapName,nisMapEntry eq,pres,sub
> index entryCSN,entryUUID eq
> idlcachesize 1000
>
>
> #access to attrs=userPassword
> #    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> #    by self write
> #    by anonymous auth
> #    by * none
>
>
> #access to *
> #    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
> #    by self write
> #    by * read
>
>
>
>
> #loglevel stats sync
>
> syncrepl rid=001
>     provider=ldap://mail.ier.hit-u.ac.jp
>     type=refreshAndPersist
>     interval=00:00:05:00
>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>     bindmethod=simple
> #   bindmethod=sasl saslmech=DIGEST-MD5
> #   authcid=replicator
>     credentials=secretofreplicator
>
> updateref ldap://mail.ier.hit-u.ac.jp/
>
>
> *****************************************************************************************
> What puzzles me is that:
>
> I try on the slave to access the master with
> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>
> and it works.
>
> What is wrong? I really need your help.
>

-- 
Kind regards,
Jephté Clain
Direction des Systèmes d'Information et des Usages Numériques - 2IG
Tel. 0262 93 86 31
Fax. 0262 93 81 06
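The checks in the reply above (does the syncrepl binddn match a DN the provider's ACLs actually name, and is the replicator identity being reused as the consumer's rootdn/rootpw) can be run against the two files before starting slapd. The script below is an added example written for this page, not code from the thread or from OpenLDAP; the two config strings are constructed excerpts of the posted slapd.conf files, trimmed to the directives the checks read, with the thread's DNs, host and passwords. It also prints the two ldapsearch commands a practitioner would run using the configured binddn rather than a hand-typed one, which is the difference between the poster's working ldapsearch (cn=replicator,...) and the failing syncrepl bind (uid=replicator,...).

```python
"""Cross-check a syncrepl consumer's binddn against the provider's ACLs.
Added example, not code from the thread; the two strings are constructed
excerpts of the slapd.conf files posted above, trimmed to what the checks read.
"""
import re
import shlex
from typing import Dict, List, Optional, Set

PROVIDER_CONF = """\
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw secret
access to attrs=userPassword
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by * none
access to *
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by * read
"""
CONSUMER_CONF = """\
database bdb
suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw secretofreplicator
syncrepl rid=001
    provider=ldap://mail.ier.hit-u.ac.jp
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    bindmethod=simple
    credentials=secretofreplicator
"""

def unfold(conf: str) -> List[str]:
    """Logical lines: drop comments/blanks, join whitespace-led continuations."""
    out: List[str] = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def norm_dn(dn: str) -> str:
    """Case-fold and drop blanks around '=' and ',' so equal DNs compare equal."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip().strip('"')).lower()

def directive(lines: List[str], name: str) -> Optional[List[str]]:
    """Arguments of the first directive called `name`, quotes removed by shlex."""
    for line in lines:
        tokens = shlex.split(line)
        if tokens and tokens[0].lower() == name:
            return tokens[1:]
    return None

def parse_syncrepl(lines: List[str]) -> Dict[str, str]:
    """The syncrepl directive as a key=value dict (provider, binddn, ...)."""
    return dict(t.split("=", 1) for t in (directive(lines, "syncrepl") or []) if "=" in t)

def acl_identities(lines: List[str]) -> Set[str]:
    """Normalised DNs named in by dn= / dn.exact= / dn.base= clauses of access lines."""
    found: Set[str] = set()
    for line in lines:
        if line.lower().startswith("access "):
            for m in re.finditer(r'\bdn(?:\.exact|\.base)?="([^"]+)"', line):
                found.add(norm_dn(m.group(1)))
    return found

def check(provider_conf: str, consumer_conf: str) -> List[str]:
    """Findings to clear before starting the consumer with slapd -d sync."""
    prov, cons = unfold(provider_conf), unfold(consumer_conf)
    sr, findings = parse_syncrepl(cons), []
    binddn, granted = norm_dn(sr.get("binddn", "")), acl_identities(prov)
    # uid=replicator,... and cn=replicator,... are different entries: the DN the
    # consumer binds with must be the one the provider's ACLs actually name.
    if binddn and binddn not in granted:
        findings.append("binddn %s is not named in any provider ACL (named: %s)"
                        % (binddn, ", ".join(sorted(granted))))
    # The replication password should not double as the consumer's rootpw.
    if (directive(cons, "rootpw") or [""])[0] == sr.get("credentials"):
        findings.append("consumer rootpw equals the syncrepl credentials")
    # A simple bind over ldap:// with no starttls= sends that password in the clear.
    if (sr.get("bindmethod", "simple") == "simple" and sr.get("starttls", "no") == "no"
            and sr.get("provider", "").startswith("ldap://")):
        findings.append("simple bind over ldap:// without starttls=critical is cleartext")
    return findings

def verify_commands(consumer_conf: str) -> List[str]:
    """ldapsearch calls using the *configured* binddn: does it exist and bind, and
    can it read the suffix entry's contextCSN, which syncprov keeps there."""
    sr = parse_syncrepl(unfold(consumer_conf))
    p, d, b = sr["provider"], sr["binddn"], sr["searchbase"]
    return ["ldapsearch -x -H %s -D '%s' -W -b '%s' -s base 1.1" % (p, d, d),
            "ldapsearch -x -H %s -D '%s' -W -b '%s' -s base contextCSN" % (p, d, b)]

if __name__ == "__main__":
    for line in check(PROVIDER_CONF, CONSUMER_CONF) + verify_commands(CONSUMER_CONF):
        print(line)
```

Run against the posted excerpts it reports three things: the uid=replicator binddn is not the cn=replicator DN the provider's ACLs grant read to, the consumer's rootpw is the replication password, and a simple bind to ldap:// without `starttls=` ships that password unencrypted on every reconnect. The second ldapsearch is the one worth running after the bind succeeds, because a consumer that cannot read contextCSN on the suffix entry will not replicate even though an ordinary search works.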
