LinuxQuestions.org


aravind1024004 07-01-2008 07:55 AM

openldap
 
Hi,

I had configured OpenLDAP on RHEL5 as master/slave.
The OpenLDAP version is 2.3.
The slave is not replicating from the master.
These are the logs generated on the master and slave servers.
Please help me with this issue.

At the time of restarting slapd.conf on the master server:

[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:07:21 master slapd[2960]: daemon: shutdown requested and initiated.
Jul 1 21:07:21 master slapd[2960]: slapd shutdown: waiting for 0 threads to terminate
Jul 1 21:07:21 master slapd[2960]: slapd stopped.
Jul 1 21:07:22 master slapd[3254]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jul 1 21:07:23 master slapd[3255]: slapd starting
========================================================================


###At the time of restarting the slave slapd.conf#####


[root@master~]# tail -f /var/log/slapd.log
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=
Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
Jul 1 21:08:35 master slapd[3255]: connection_read(13): no connection!



[root@slave ~]# tail -f /var/log/slapd.log
Jun 30 10:40:36 slave slapd[6481]: daemon: shutdown requested and initiated.
Jun 30 10:40:36 slave slapd[6481]: slapd shutdown: waiting for 0 threads to terminate
Jun 30 10:40:36 slave slapd[6481]: slapd stopped.
Jun 30 10:40:37 slave slapd[6758]: @(#) $OpenLDAP: slapd 2.3.27 (Jan 3 2007 13:13:17) $ brewbuilder@ls20-bc1-13.build.redhat.com:/builddir/build/BUILD/openldap-2.3.27/openldap-2.3.27/build-servers/servers/slapd
Jun 30 10:40:38 slave slapd[6759]: slapd starting
Jun 30 10:40:38 slave slapd[6759]: do_syncrep1: ldap_sasl_bind_s failed (49)

druuna 07-01-2008 11:47 AM

Hi,

This err=49 and this ldap_sasl_bind_s failed (49) both tell you that you used invalid credentials.

There's not much more to go on, maybe it's enough to help you solve the problem.
If not, tell us a bit more (how are both master and slave set up, was the initial 'master data' replicated to the slave? etc).
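
The err=49 reading above can be automated on the provider side. The following is an added example, not part of the original posts: it pairs each BIND record in a slapd log with its RESULT record and reports the DN and client address of every bind rejected with err=49 (invalid credentials). The function names are hypothetical, and the sample input is the provider log quoted earlier in this thread, including the fused RESULT/UNBIND line.

```python
import re
from collections import Counter

# Sample input: the provider-side lines quoted earlier in this thread, with the
# RESULT and UNBIND records fused onto one line exactly as they were pasted.
SAMPLE_LOG = """\
Jul 1 21:08:34 master slapd[3255]: conn=0 fd=13 ACCEPT from IP=192.168.117.5:35205 (IP=0.0.0.0:389)
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 BIND dn="cn=syncuser,dc=panafnet,dc=com" method=128
Jul 1 21:08:34 master slapd[3255]: conn=0 op=0 RESULT tag=97 err=49 text=Jul 1 21:08:35 master slapd[3255]: conn=0 op=1 UNBIND
Jul 1 21:08:35 master slapd[3255]: conn=0 fd=13 closed
"""

# A syslog header in the middle of a line means two records were fused; split before it.
RECORD_START = re.compile(r'(?=[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \S+ slapd\[\d+\]: )')
ACCEPT = re.compile(r'slapd\[(\d+)\]: conn=(\d+) fd=\d+ ACCEPT from IP=([\d.]+):\d+')
# method=128 is an LDAP simple bind (DN plus password).
BIND = re.compile(r'slapd\[(\d+)\]: conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=(\d+)')
# tag=97 marks a bind response; err=49 is invalidCredentials.
RESULT = re.compile(r'slapd\[(\d+)\]: conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')

def failed_binds(log_text):
    """Return (client_ip, bind_dn, method) for each bind answered with err=49."""
    # Keys include the slapd pid because conn numbers restart at 0 with each process.
    clients, pending, failures = {}, {}, []
    for line in log_text.splitlines():
        for record in RECORD_START.split(line):
            if m := ACCEPT.search(record):
                clients[(m[1], m[2])] = m[3]
            elif m := BIND.search(record):
                pending[(m[1], m[2], m[3])] = (m[4], int(m[5]))
            elif m := RESULT.search(record):
                dn, method = pending.pop((m[1], m[2], m[3]), ("<unknown>", -1))
                if m[4] == "49":
                    ip = clients.get((m[1], m[2]), "<unknown>")
                    failures.append((ip, dn, method))
    return failures

def summarize(failures):
    """Count rejected binds per (client_ip, bind_dn) pair."""
    return Counter((ip, dn) for ip, dn, _ in failures)
```

The DN reported here is the one the provider actually received, which can then be compared with the binddn and credentials in the consumer's syncrepl stanza.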

aravind1024004 07-01-2008 11:36 PM

Hi,

Thanks for your reply.
Could you please tell me which credentials you are talking about?
I had used credentials in the slave slapd.conf.

These are my configuration files. The credentials I used here were all correct.

========================================================================
/etc/openldap/slapd.conf(master)
=========================================================================


# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/qmail.schema

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword
        by self write
        by dn="cn=syncuser,dc=panafnet,dc=com" read
        by * auth

access to *
        by dn="cn=syncuser,dc=panafnet,dc=com" read
        by * read


database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}9ma4wkvWQM2ws7E9q7qIgK9vQ2Rp4IhZ



directory /var/lib/ldap/panafnet.com

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq

overlay syncprov
syncprov-checkpoint 100 05
========================================================================
/etc/ldap.conf(master)
=========================================================================
host 192.168.117.4 192.168.117.5

# The distinguished name of the search base.
base dc=panafnet,dc=com
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw secret
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=panafnet,dc=com?one

#uri ldap://127.0.0.1/
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5
========================================================================
/etc/openlldap/lapd.conf(slave)
=========================================================================
# network or connect timeouts (see bind_timelimit).
host 192.168.117.5 192.168.117.4

# The distinguished name of the search base.
base dc=panafnet,dc=com

# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn dc=panafnet,dc=com

# The credentials to bind with.
# Optional: default is no credential.
bindpw secret

# to append the default base DN but this
# may incur a small performance impact.
nss_base_passwd ou=People,dc=panafnet,dc=com?one
nss_base_shadow ou=People,dc=panafnet,dc=com?one
nss_base_group ou=Group,dc=pananfet,dc=com?one
#nss_base_hosts ou=Hosts,dc=example,dc=com?one

ssl no
tls_cacertdir /etc/openldap/cacerts

========================================================================
/etc/openldap/slapd.conf(slave)
=========================================================================

#######################################################################
# ldbm and/or bdb database definitions
#######################################################################

database bdb
suffix "dc=panafnet,dc=com"
rootdn "cn=Manager,dc=panafnet,dc=com"
rootpw {SSHA}F/VF2kcFeRzWxmYddG2JryM/0odBN7Hy

directory /var/lib/ldap/panafnet.com

syncrepl
        rid=0
        provider=ldap://192.168.117.4:389
        binddn="dc=panafnet,dc=com"
        bindmethod=simple
        credentials=SyncUser
        searchbase="dc=panafnet,dc=com"
        filter="(objectClass=*)"
        attrs="*"
        schemachecking=off
        scope=sub
        type=refreshOnly
        interval=00:00:00:06

access to attrs=userPassword
        by dn="cn=syncuser,dc=panafnet,dc=com" write
        by * auth

access to *
        by dn="cn=syncuser,dc=panafnet,dc=com" write
        by * read

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub
index entryCSN,entryUUID eq


========================================================================

jnojr 07-30-2008 11:57 AM

I'm getting the do_syncrep1: ldap_sasl_bind_s failed (49) error when trying to use syncrepl, too. I know my username and password are correct, as I can log on to a client system with them. On the producer side, I get:

ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)

And:

bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)

Any ideas?

ziox 07-31-2008 10:26 PM

SyncRepl Never worked
 
Has anybody got syncrepl to work as expected?

scenario 1:
Master/Slave

any update just show up on the master...
doesn't matter you inserted it on the master or the slave...
means authentication works...
+ always doesn't work without referral !!!
not just this... when you delete something
never get deleted on the slave... just on the master
and stays on the slave...
when you try to delete it, it says No such Object

I'm using ldapadmin.exe client http://ldapadmin.sourceforge.net/


scenario 2:
Multi-Master never worked

without referral ... it complains [No update referral!!!]

with referral [error referral]
I added server 1 as referral on server 2
and ... server 2 on 1

I use the configuration which everybody uses
from openldap.org & http://www.zytrax.com/books/ldap/ch7

use cn=manager,xxxxxxxxxxx on both
used another user with permission to write to everything


openldap 2.3

also I had loglevel to show sync process
but never found slapd.log or even anything in /var/log/messages

So, the question is, and it is for whoever wrote these
tutorials on openldap.org & http://www.zytrax.com/books/ldap/

Have you ever got this configuration to work?!!! {as you posted it}