LinuxQuestions.org
Old 07-01-2008, 07:55 AM   #1
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Rep: Reputation: 15
openldap


Hi,

I had configured OpenLDAP on RHEL5 as master/slave.
The OpenLDAP version is 2.3.
The slave is not replicating from the master.
These are the logs generated on the master and slave servers.
Please help me with this issue.

At the time of restarting slapd.conf on the master server:

[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:07:21 master slapd[2960]: daemon: shutdown requested and initiated.
Jul 1 21:07:21 master slapd[2960]: slapd shutdown: waiting for 0 threads to terminate
Jul 1 21:07:21 master slapd[2960]: slapd stopped.
Jul 1 21:07:22 master slapd[3254]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jul 1 21:07:23 master slapd[3255]: slapd starting
==================================================================================================== ========================


###At the time of restarting the slave slapd.conf#####


[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=
Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
Jul 1 21:08:35 master slapd[3255]: connection_read(13): no connection!



[root@slave ~]# tail -f /var/log/slapd.log
Jun 30 10:40:36 slave slapd[6481]: daemon: shutdown requested and initiated.
Jun 30 10:40:36 slave slapd[6481]: slapd shutdown: waiting for 0 threads to terminate
Jun 30 10:40:36 slave slapd[6481]: slapd stopped.
Jun 30 10:40:37 slave slapd[6758]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jun 30 10:40:38 slave slapd[6759]: slapd starting
Jun 30 10:40:38 slave slapd[6759]: do_syncrep1: ldap_sasl_bind_s failed (49)
 
Old 07-01-2008, 11:47 AM   #2
druuna
LQ Veteran
 
Registered: Sep 2003
Posts: 10,532
Blog Entries: 7

Rep: Reputation: 2373
Hi,

This err=49 and this ldap_sasl_bind_s failed (49) both tell you that you used invalid credentials.

There's not much more to go on, maybe it's enough to help you solve the problem.
If not, tell us a bit more (how are both master and slave set up, was the initial 'master data' replicated to the slave? etc).
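
The BIND / RESULT pairing that reply #2 reads off the master log can be checked mechanically. The following is an added example, not code from any poster: it pairs each simple BIND (method=128) with its bind response (tag=97) by slapd pid, conn and op, and reports those that ended in err=49. The function name failed_binds and the second connection in the sample (peer 192.168.117.9) are constructed for illustration.

```python
import re

# Constructed sample: the first five lines follow the master log quoted above;
# conn=1 (peer 192.168.117.9, successful bind) is invented for contrast.
SAMPLE_LOG = """\
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=
Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
Jul 1 21:09:02 master slapd[3255]: conn=1 fd=13 ACCEPT from IP=192.168.117.9:40112 (IP=0.0.0.0:389)
Jul 1 21:09:02 master slapd[3255]: conn=1 op=0 BIND dn="cn=Manager,dc=panafnet,dc=com" method=128
Jul 1 21:09:02 master slapd[3255]: conn=1 op=0 RESULT tag=97 err=0 text=
"""

PREFIX = r"slapd\[(\d+)\]: conn=(\d+) "
ACCEPT = re.compile(PREFIX + r"fd=\d+ ACCEPT from IP=(\S+):\d+\s")
BIND = re.compile(PREFIX + r'op=(\d+) BIND dn="([^"]*)" method=(\d+)')
RESULT = re.compile(PREFIX + r"op=(\d+) RESULT tag=97 err=(\d+)")

def failed_binds(log_text, err="49"):
    """Return one record per bind whose response carried the given error code."""
    peers, pending, failures = {}, {}, []
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            # conn numbers restart with slapd, so key on (pid, conn)
            peers[m[1], m[2]] = m[3]
        elif m := BIND.search(line):
            pending[m[1], m[2], m[3]] = (m[4], m[5])
        elif m := RESULT.search(line):
            bind = pending.pop((m[1], m[2], m[3]), None)
            if bind and m[4] == err:
                failures.append({
                    "time": " ".join(line.split()[:3]),
                    "peer": peers.get((m[1], m[2]), "unknown"),
                    "dn": bind[0],
                    "method": bind[1],
                })
    return failures

if __name__ == "__main__":
    for f in failed_binds(SAMPLE_LOG):
        print(f)
```

Run over the provider's slapd.log, this lists which DN each consumer actually presented and from which address, which is the value to compare against the consumer's syncrepl settings.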
 
Old 07-01-2008, 11:36 PM   #3
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Original Poster
Rep: Reputation: 15
Hi,

Thanks for your reply.
Could you please tell me which credentials you are talking about?
I had used credentials in the slave slapd.conf.

These are my configuration files. The credentials which I used here were all correct.

========================================================================
/etc/openldap/slapd.conf(master)
=========================================================================


# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword
        by self write
        by dn="cn=syncuser,dc=panafnet,dc=com" read
        by * auth

access to *
        by dn="cn=syncuser,dc=panafnet,dc=com" read
        by * read


database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}9ma4wkvWQM2ws7E9q7qIgK9vQ2Rp4IhZ



directory /var/lib/ldap/panafnet.com

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 05
========================================================================
/etc/ldap.conf(master)
=========================================================================
host 192.168.117.4 192.168.117.5

# The distinguished name of the search base.
base dc=panafnet,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=panafnet,dc=com?one

#uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
========================================================================

/etc/openlldap/lapd.conf(slave)
=========================================================================
# network or connect timeouts (see bind_timelimit).
host 192.168.117.5 192.168.117.4

# The distinguished name of the search base.
base dc=panafnet,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw secret

# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=pananfet,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one

ssl no
tls_cacertdir /etc/openldap/cacerts

========================================================================
/etc/openldap/slapd.conf(slave)
=========================================================================

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}F/VF2kcFeRzWxmYddG2JryM/0odBN7Hy

directory /var/lib/ldap/panafnet.com

syncrepl
        rid=0
        provider=ldap://192.168.117.4:389
        binddn="dc=panafnet,dc=com"
        bindmethod=simple
        credentials=SyncUser
        searchbase="dc=panafnet,dc=com"
        filter="(objectClass=*)"
        attrs="*"
        schemachecking=off
        scope=sub
        type=refreshOnly
        interval=00:00:00:06

access to attrs=userPassword
        by dn="cn=syncuser,dc=panafnet,dc=com" write
        by * auth

access to *
        by dn="cn=syncuser,dc=panafnet,dc=com" write
        by * read

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq


==================================================================================================== ======================
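
One way to cross-check the two slapd.conf files in post #3: read the binddn that the slave's syncrepl directive will present, and see whether the master's access rules name that DN. This is an added example, not code from any poster; the function names are hypothetical, the DN normalisation is a simplification, and the config excerpts are trimmed from the post with continuation lines indented as slapd.conf requires.

```python
import re
import shlex

# Excerpts of the two slapd.conf files posted above (continuation lines indented).
PROVIDER_CONF = '''
access to attrs=userPassword
    by self write
    by dn="cn=syncuser,dc=panafnet,dc=com" read
    by * auth
'''
CONSUMER_CONF = '''
syncrepl
    provider=ldap://192.168.117.4:389
    binddn="dc=panafnet,dc=com"
    credentials=SyncUser
'''

def directives(conf_text):
    """Join slapd.conf continuation lines (leading whitespace) into directives."""
    out = []
    for raw in conf_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def norm_dn(dn):
    # Simplified normalisation (assumption): case-fold, no spaces around ',' or '='.
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def syncrepl_params(conf_text):
    """Return the key=value parameters of the first syncrepl directive."""
    for d in directives(conf_text):
        words = shlex.split(d)
        if words[0].lower() == "syncrepl":
            return dict(w.split("=", 1) for w in words[1:] if "=" in w)
    return {}

def acl_dns(conf_text):
    """DNs named in 'by dn=...' clauses of access directives."""
    acls = " ".join(d for d in directives(conf_text) if d.lower().startswith("access "))
    return {norm_dn(dn) for dn in re.findall(r'by\s+dn(?:\.\w+)?="([^"]+)"', acls)}

def binddn_named_in_provider_acl(consumer, provider):
    binddn = syncrepl_params(consumer).get("binddn", "")
    return binddn, norm_dn(binddn) in acl_dns(provider)
```

For the excerpts above, the check returns the slave's binddn together with False: the syncrepl binddn is the suffix DN, while the master's access rules name cn=syncuser.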
 
Old 07-30-2008, 11:57 AM   #4
jnojr
Member
 
Registered: Sep 2007
Location: San Diego, CA
Posts: 175

Rep: Reputation: 15
I'm getting the do_syncrep1: ldap_sasl_bind_s failed (49) error when trying to use syncrepl, too. I know my username and password are correct, as I can log on to a client system with them. On the producer side, I get:

ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)

And:

bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

Any ideas?
 
Old 07-31-2008, 10:26 PM   #5
ziox
Member
 
Registered: Apr 2004
Distribution: RedHat, Fedora, Suse, Debian, Gentoo, Mandrake
Posts: 132

Rep: Reputation: 15
SyncRepl Never worked

Has anybody got syncrepl to work as expected?

scenario 1:
Master/Slave

any update just shows up on the master...
doesn't matter whether you inserted it on the master or the slave...
means authentication works...
+ always doesn't work without referral !!!
not just this... when you delete something
it never gets deleted on the slave... just on the master
and stays on the slave...
when you try to delete it, it says No such Object

I'm using ldapadmin.exe client http://ldapadmin.sourceforge.net/


scenario 2:
Multi-Master never worked

without referral ... it complains [No update referral!!!]




with referral [error referral]
I added server 1 as referral on server 2
and ... server 2 on 1

I use the configuration which everybody uses
from openldap.org & http://www.zytrax.com/books/ldap/ch7

use cn=manager,xxxxxxxxxxx on both
used another user with permission to write to everything


openldap 2.3

also I had loglevel set to show the sync process
but never found slapd.log or even anything in /var/log/messages

So, the question is, and it is for whoever wrote these
tutorials on openldap.org & http://www.zytrax.com/books/ldap/

Have you ever got this configuration to work?!!! {as you posted it}




Last edited by ziox; 07-31-2008 at 11:11 PM.
 
  

