openldap
Hi,

I had configured OpenLDAP on RHEL5 as master/slave. The OpenLDAP version is 2.3. The slave is not replicating from the master. These are the logs generated on the master and slave servers. Please help me with this issue.

At the time of restarting slapd.conf on the master server:

[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:07:21 master slapd[2960]: daemon: shutdown requested and initiated.
Jul 1 21:07:21 master slapd[2960]: slapd shutdown: waiting for 0 threads to terminate
Jul 1 21:07:21 master slapd[2960]: slapd stopped.
Jul 1 21:07:22 master slapd[3254]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jul 1 21:07:23 master slapd[3255]: slapd starting

========================================================================
### At the time of restarting the slave slapd.conf ###

[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=
Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
Jul 1 21:08:35 master slapd[3255]: connection_read(13): no connection!

[root@slave ~]# tail -f /var/log/slapd.log
Jun 30 10:40:36 slave slapd[6481]: daemon: shutdown requested and initiated.
Jun 30 10:40:36 slave slapd[6481]: slapd shutdown: waiting for 0 threads to terminate
Jun 30 10:40:36 slave slapd[6481]: slapd stopped.
Jun 30 10:40:37 slave slapd[6758]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jun 30 10:40:38 slave slapd[6759]: slapd starting
Jun 30 10:40:38 slave slapd[6759]: do_syncrep1: ldap_sasl_bind_s failed (49)

Hi,
This err=49 and this ldap_sasl_bind_s failed (49) both tell you that you used invalid credentials. There's not much more to go on; maybe it's enough to help you solve the problem. If not, tell us a bit more (how are both master and slave set up, was the initial 'master data' replicated to the slave? etc).

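Added example, not part of the thread: one way to correlate a provider's BIND and RESULT lines and report which client and DN were rejected with err=49. The log sample is constructed from the lines quoted above plus one invented successful bind (client 192.168.117.9), and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample, modelled on the provider log lines quoted in the thread.
SAMPLE_LOG = """\
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=
Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
Jul 1 21:09:02 master slapd[3255]: conn=1 fd=13 ACCEPT from IP=192.168.117.9:40112 (IP=0.0.0.0:389)
Jul 1 21:09:02 master slapd[3255]: conn=1 op=0 BIND dn="cn=Manager,dc=panafnet,dc=com" method=128
Jul 1 21:09:02 master slapd[3255]: conn=1 op=0 RESULT tag=97 err=0 text=
"""

LINE = re.compile(r"slapd\[(?P<pid>\d+)\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT = re.compile(r"fd=\d+ ACCEPT from IP=(?P<ip>\S+):\d+ ")
BIND = re.compile(r'op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=(?P<method>\d+)')
# tag=97 is the LDAP BindResponse; err=49 is invalidCredentials.
RESULT = re.compile(r"op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)")

def failed_binds(log_text):
    """Return one record per bind that the server rejected with err=49."""
    peers, pending, failures = {}, {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, rest = (m["pid"], m["conn"]), m["rest"]   # conn ids restart per process
        if (a := ACCEPT.match(rest)):
            peers[conn] = a["ip"]                       # remember the client address
        elif (b := BIND.match(rest)):
            pending[conn + (b["op"],)] = b["dn"]        # wait for the matching RESULT
        elif (r := RESULT.match(rest)):
            dn = pending.pop(conn + (r["op"],), None)
            if dn is not None and r["err"] == "49":
                failures.append({"client": peers.get(conn), "dn": dn})
    return failures

def summarize(failures):
    """Count rejections per (client, dn); a consumer with a bad password repeats one pair."""
    return Counter((f["client"], f["dn"]) for f in failures)

if __name__ == "__main__":
    for (client, dn), n in summarize(failed_binds(SAMPLE_LOG)).items():
        print(f"{n} failed bind(s) from {client} as {dn}")
```
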
Hi,

Thanks for your reply. Could you please tell me which credentials you are talking about? I had used credentials in the slave slapd.conf. These are my configuration files. Here, the credentials which I used were all correct.

====================================== /etc/openldap/slapd.conf(master) =========================================
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword
    by self write
    by dn="cn=syncuser,dc=panafnet,dc=com" read
    by * auth
access to *
    by dn="cn=syncuser,dc=panafnet,dc=com" read
    by * read

database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}9ma4wkvWQM2ws7E9q7qIgK9vQ2Rp4IhZ
directory /var/lib/ldap/panafnet.com

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 05

======================================================================== /etc/ldap.conf(master) =========================================================================
host 192.168.117.4 192.168.117.5
# The distinguished name of the search base.
base dc=panafnet,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=panafnet,dc=com?one
#uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

======================================================================== /etc/openlldap/lapd.conf(slave) =========================================================================
# network or connect timeouts (see bind_timelimit).
host 192.168.117.5 192.168.117.4
# The distinguished name of the search base.
base dc=panafnet,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com
# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=pananfet,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one
ssl no
tls_cacertdir /etc/openldap/cacerts

======================================================================== /etc/openldap/slapd.conf(slave) =========================================================================
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}F/VF2kcFeRzWxmYddG2JryM/0odBN7Hy
directory /var/lib/ldap/panafnet.com

syncrepl rid=0
    provider=ldap://192.168.117.4:389
    binddn="dc=panafnet,dc=com"
    bindmethod=simple
    credentials=SyncUser
    searchbase="dc=panafnet,dc=com"
    filter="(objectClass=*)"
    attrs="*"
    schemachecking=off
    scope=sub
    type=refreshOnly
    interval=00:00:00:06

access to attrs=userPassword
    by dn="cn=syncuser,dc=panafnet,dc=com" write
    by * auth
access to *
    by dn="cn=syncuser,dc=panafnet,dc=com" write
    by * read

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq
========================================================================

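Added example, not part of the original post: a cross-check of a consumer's syncrepl directive against the DNs named in the provider's ACLs, plus two hygiene checks on the replication identity and transport. The excerpts are constructed from the files posted above, the function names are illustrative, and comparing DNs by lower-casing is a simplification of real DN normalization.

```python
import re
# Constructed excerpts, reduced from the consumer and provider files posted above.
CONSUMER_CONF = '''\
syncrepl rid=0
    provider=ldap://192.168.117.4:389
    binddn="dc=panafnet,dc=com"
    bindmethod=simple
    searchbase="dc=panafnet,dc=com"
'''
PROVIDER_CONF = '''\
access to *
    by dn="cn=syncuser,dc=panafnet,dc=com" read
    by * read
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (they start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if raw.strip() and not raw.startswith("#"):
            if raw[0].isspace() and out:
                out[-1] += " " + raw.strip()
            else:
                out.append(raw.strip())
    return out

def syncrepl_params(conf):
    for line in logical_lines(conf):
        if line.startswith("syncrepl "):      # first syncrepl directive only
            pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', line)
            return {k.lower(): v.strip('"') for k, v in pairs}
    return {}

def acl_dns(conf):
    """DNs named in 'by dn=' clauses; lower-casing stands in for DN normalization."""
    acls = [l for l in logical_lines(conf) if l.startswith("access ")]
    return {d.lower() for l in acls for d in re.findall(r'by dn(?:\.\w+)?="([^"]*)"', l)}

def review(consumer, provider):
    p, findings = syncrepl_params(consumer), []
    binddn = p.get("binddn", "").lower()
    if binddn not in acl_dns(provider):
        findings.append("binddn is not a DN named in the provider ACLs")
    if binddn == p.get("searchbase", "").lower():
        findings.append("binddn equals the search base, not a dedicated account")
    cleartext = p.get("provider", "").startswith("ldap://") and "starttls" not in p
    if p.get("bindmethod") == "simple" and cleartext:
        findings.append("simple bind over ldap:// without starttls exposes the password")
    return findings
```
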
I'm getting the do_syncrep1: ldap_sasl_bind_s failed (49) error when trying to use syncrepl, too. I know my username and password are correct, as I can log on to a client system with them. On the producer side, I get:

ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)

And:

bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

Any ideas?

SyncRepl Never worked
Has anybody got syncrepl to work as expected?

Scenario 1: Master/Slave
Any update just shows up on the master... it doesn't matter whether you inserted it on the master or the slave... which means authentication works... and it never works without a referral!!! Not just this... when you delete something, it never gets deleted on the slave... just on the master, and it stays on the slave... when you try to delete it, it says No such Object.
I'm using the ldapadmin.exe client http://ldapadmin.sourceforge.net/

Scenario 2: Multi-Master
Never worked without a referral... it complains [No update referral!!!]; with a referral, [error referral].
I added server 1 as a referral on server 2 and... server 2 on 1.

I use the configuration which everybody uses from openldap.org & http://www.zytrax.com/books/ldap/ch7
used cn=manager,xxxxxxxxxxx on both
used another user with permission to write to everything
openldap 2.3
Also, I had loglevel set to show the sync process but never found slapd.log or even anything in /var/log/messages.

So, the question is, and it is for whoever wrote these tutorials on openldap.org & http://www.zytrax.com/books/ldap/: Have you ever got this configuration to work?!!! {as you posted it}