thx for your reply.

do I put in the slave conf file the same thing as the following command?

> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D
> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'

------------------------------

On Wed, Nov 19, 2014 9:25 AM GMT Jephte Clain wrote:

>hello,
>
>I would say, try to understand the meaning of what you do. The
>openldap admin guide is a good place to start.
>
>- for instance, on the slave, you bind to the master with dn
>uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp and password
>secretofreplicator
>does this object exist *on the master*? with the right password? does
>this account have the right acl to read everything on the master
>(i.e., on the master, the acl is defined for cn=replicator,... which
>is not the same as uid=replicator,...)
>- also, why would you use the replicator dn as the rootdn for the slave?
>
>one last thing: I advise you change the password of both the master
>and slave. posting the file with the hash password of the root dn on
>the internet is not a good idea :-)
>
>good luck
>
>
>2014-11-19 11:38 GMT+04:00 wailok tam <[email protected]>:
>> Hi, I am new to ldap. I am following the book "Mastering Openldap" to set up
>> replication
>> but I am getting the error given in the title when I start the slave with
>> "slapd -d sync". Replication does
>> not work.
>>
>> ******************************************************************************************************
>>
>> slapd.conf of the Master:
>>
>> include /etc/openldap/schema/core.schema
>> include /etc/openldap/schema/cosine.schema
>> include /etc/openldap/schema/inetorgperson.schema
>> include /etc/openldap/schema/nis.schema
>> include /etc/openldap/schema/samba.schema
>>
>> #modulepath /usr/lib/openldap
>> #moduleload syncprov.la
>>
>> # Allow LDAPv2 client connections. This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral ldap://root.openldap.org
>>
>> pidfile /var/run/openldap/slapd.pid
>> argsfile /var/run/openldap/slapd.args
>>
>> #sasl-realm ier.hit-u.ac.jp
>> #sasl-host localhost
>> #authz-regexp uid=([^,]*),cn=ier.hit-u.ac.jp,cn=DIGEST-MD5,cn=auth
>> cn=$1,dc=ier,dc=hit-u,dc=ac,dc=jp
>>
>> #######################################################################
>> # ldbm and/or bdb database definitions
>> #######################################################################
>>
>> database bdb
>> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
>> rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
>> rootpw secret
>> #password-hash {MD5}
>> directory /var/lib/ldap
>>
>> TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
>> TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
>> TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>>
>> overlay syncprov
>> syncprov-checkpoint 50 10
>> syncprov-sessionlog 100
>>
>> # Indices to maintain for this database
>> index objectClass eq,pres
>> index ou,cn,mail,surname,givenname eq,pres,sub
>> index uidNumber,gidNumber,loginShell eq,pres
>> index uid,memberUid eq,pres,sub
>> index nisMapName,nisMapEntry eq,pres,sub
>> index entryCSN,entryUUID eq
>> idlcachesize 1000
>>
>> access to attrs=userPassword
>>     by self write
>>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>     by anonymous auth
>>     by * none
>>
>> access to attrs=SambaLMPassword,SambaNTPassword
>>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>>     by dn="cn=dovecot,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>     by self read
>>     by anonymous auth
>>     by * none
>>
>> access to *
>>     by self write
>>     by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>>     by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
>>     by * read
>>
>> *****************************************************************************************************
>>
>> slapd.conf of the slave:
>>
>> include /etc/openldap/schema/core.schema
>> include /etc/openldap/schema/cosine.schema
>> include /etc/openldap/schema/inetorgperson.schema
>> include /etc/openldap/schema/nis.schema
>> include /etc/openldap/schema/samba.schema
>>
>> # Allow LDAPv2 client connections. This is NOT the default.
>> allow bind_v2
>>
>> # Do not enable referrals until AFTER you have a working directory
>> # service AND an understanding of referrals.
>> #referral ldap://root.openldap.org
>>
>> pidfile /var/run/openldap/slapd.pid
>> argsfile /var/run/openldap/slapd.args
>>
>> #######################################################################
>> # ldbm and/or bdb database definitions
>> #######################################################################
>>
>> database bdb
>> suffix "dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
>> #rootpw {MD5}x1Ktlhm0p7RPnl/G01rhTQ==
>> rootpw secretofreplicator
>> #password-hash {MD5}
>> directory /var/lib/ldap
>> #TLSCACertificateFile /usr/share/ssl/certs/nii-odca2.crt
>> #TLSCertificateFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.crt
>> #TLSCertificateKeyFile /usr/share/ssl/certs/mail.ier.hit-u.ac.jp.key
>>
>> # Replicas of this database
>> #updatedn cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp
>> #updateref uri=ldap://192.168.84.22
>>
>> # Indices to maintain for this database
>> index objectClass eq,pres
>> index ou,cn,mail,surname,givenname eq,pres,sub
>> index uidNumber,gidNumber,loginShell eq,pres
>> index uid,memberUid eq,pres,sub
>> index nisMapName,nisMapEntry eq,pres,sub
>> index entryCSN,entryUUID eq
>> idlcachesize 1000
>>
>> #access to attrs=userPassword
>> #    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> #    by self write
>> #    by anonymous auth
>> #    by * none
>>
>> #access to *
>> #    by dn="cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp" write
>> #    by self write
>> #    by * read
>>
>> #loglevel stats sync
>>
>> syncrepl rid=001
>>     provider=ldap://mail.ier.hit-u.ac.jp
>>     type=refreshAndPersist
>>     interval=00:00:05:00
>>     searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
>>     binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
>>     bindmethod=simple
>> #   bindmethod=sasl saslmech=DIGEST-MD5
>> #   authcid=replicator
>>     credentials=secretofreplicator
>>
>> updateref ldap://mail.ier.hit-u.ac.jp/
>>
>> *****************************************************************************************
>> what puzzles me is that:
>>
>> I try on the slave to access the master with
>> ldapsearch -x -H ldap://mail.ier.hit-u.ac.jp -W -D
>> 'cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp' '(uid=someone)'
>>
>> and it works.
>>
>> What is wrong? I really need your help.
>>
>
>
>--
>cordialement,
>Jephté Clain
>Direction des Systèmes d'Information
>et des Usages Numériques - 2IG
>Tél. 0262 93 86 31
>Fax. 0262 93 81 06
>
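The three points Jephte raises (the DN the consumer binds with is not the DN the provider's ACLs name, the replicator identity doubles as the slave's rootdn, and root passwords sit in clear text in a file that was posted publicly) can all be caught by a static check over the two slapd.conf files before either server is started. The script below is an added example, not code from the thread or from OpenLDAP; the embedded slapd.conf excerpts are constructed, trimmed copies of the files posted above, and the function names, the finding codes and the `{SSHA}PLACEHOLDER-from-slappasswd` value are the example's own.

```python
"""Static lint for an OpenLDAP syncrepl provider/consumer slapd.conf pair.
Added example, not code from the thread or from OpenLDAP; finding codes and
function names are the example's own."""
import re
from typing import Any, Dict, List, Tuple

# Constructed excerpts, trimmed from the files posted in the thread.
PROVIDER_CONF = """\
rootdn "cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw secret
overlay syncprov
access to attrs=userPassword
    by dn="cn=root,dc=ier,dc=hit-u,dc=ac,dc=jp" write
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by * none
access to *
    by dn.exact="cn=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp" read
    by * read
"""
CONSUMER_CONF = """\
rootdn "cn=replicator,dc=ier,dc=hit-u,dc=ac,dc=jp"
rootpw secretofreplicator
syncrepl rid=001
    provider=ldap://mail.ier.hit-u.ac.jp
    type=refreshAndPersist
    searchbase="dc=ier,dc=hit-u,dc=ac,dc=jp"
    binddn="uid=replicator,ou=Users,dc=ier,dc=hit-u,dc=ac,dc=jp"
    bindmethod=simple
#   authcid=replicator
    credentials=secretofreplicator
"""
# Same consumer with the changes the thread points at: bind as the DN the
# provider ACLs name, give the replica its own rootdn, store a hash
# (placeholder value; the real one comes from slappasswd).
CONSUMER_CONF_FIXED = (
    CONSUMER_CONF.replace('rootdn "cn=replicator,', 'rootdn "cn=root,')
    .replace("rootpw secretofreplicator", "rootpw {SSHA}PLACEHOLDER-from-slappasswd")
    .replace('binddn="uid=replicator,', 'binddn="cn=replicator,')
)
DN_IN_ACL = re.compile(r'\bby\s+dn(?:\.\w+)?="([^"]+)"')
KEY_VALUE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def logical_lines(text: str) -> List[str]:
    """slapd.conf lexing: drop blank and '#' lines, fold whitespace-led
    continuation lines onto the directive above them."""
    out: List[str] = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def normalize_dn(dn: str) -> str:
    # Case-fold and strip space around commas (assumes no escaped commas).
    return ",".join(p.strip().lower() for p in dn.split(","))


def rdn_parts(dn: str) -> Tuple[str, str, str]:
    # "attr=value,parent" -> (attr, value, parent), normalized.
    first, _, parent = normalize_dn(dn).partition(",")
    attr, _, value = first.partition("=")
    return attr, value, parent


def parse_slapd_conf(text: str) -> Dict[str, Any]:
    conf: Dict[str, Any] = {"rootdn": "", "rootpw": "", "acl_dns": set(), "syncrepl": {}}
    for line in logical_lines(text):
        directive, _, rest = line.partition(" ")
        directive = directive.lower()
        if directive in ("rootdn", "rootpw"):
            conf[directive] = rest.strip().strip('"')
        elif directive == "access":  # every DN an ACL names, whatever it grants
            conf["acl_dns"].update(normalize_dn(d) for d in DN_IN_ACL.findall(line))
        elif directive == "syncrepl":
            for key, quoted, bare in KEY_VALUE.findall(rest):
                conf["syncrepl"][key] = bare or quoted
    return conf


def check_replication(provider_text: str, consumer_text: str) -> List[Tuple[str, str]]:
    """Return (code, message) findings for a provider/consumer pair."""
    provider, consumer = parse_slapd_conf(provider_text), parse_slapd_conf(consumer_text)
    out: List[Tuple[str, str]] = []
    binddn = consumer["syncrepl"].get("binddn", "")
    if binddn and normalize_dn(binddn) not in provider["acl_dns"]:
        attr, value, parent = rdn_parts(binddn)
        # Same name and parent under a different RDN attribute: almost certainly a typo.
        alike = sorted(d for d in provider["acl_dns"]
                       if rdn_parts(d)[1:] == (value, parent) and rdn_parts(d)[0] != attr)
        hint = f"; provider ACLs name {', '.join(alike)} instead" if alike else ""
        out.append(("BINDDN_NOT_IN_ACL", f"binddn {binddn} is not named by any provider ACL{hint}"))
    if binddn and consumer["rootdn"] and rdn_parts(consumer["rootdn"])[1] == rdn_parts(binddn)[1]:
        out.append(("ROOTDN_IS_REPLICATOR", f"consumer rootdn {consumer['rootdn']} reuses the replication identity"))
    for role, conf in (("provider", provider), ("consumer", consumer)):
        if conf["rootpw"] and not conf["rootpw"].startswith("{"):
            out.append(("CLEARTEXT_ROOTPW", f"{role} rootpw is stored in clear text; hash it with slappasswd"))
    if consumer["syncrepl"].get("credentials") == consumer["rootpw"]:
        out.append(("SHARED_SECRET", "consumer rootpw equals the syncrepl credentials"))
    return out
```

Run against the posted pair, `check_replication(PROVIDER_CONF, CONSUMER_CONF)` reports the `uid=replicator` / `cn=replicator` mismatch (naming the DN the provider actually grants), the rootdn reuse, both clear-text root passwords and the shared secret; against `CONSUMER_CONF_FIXED` only the provider's clear-text rootpw remains. The check is purely static: it cannot tell whether the replicator entry exists on the master or whether its password is right, which is exactly what the `ldapwhoami`/`ldapsearch` bind from the slave in the thread is for, and a binddn that is not named in any ACL still gets whatever `by *` grants.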
