07-30-2008, 04:34 PM   #1
jnojr (Member; Registered: Sep 2007; Location: Chandler, AZ; Posts: 227)
OpenLDAP 2.3.27 syncrepl authentication problem


I have two servers running CentOS 5.2 and openldap-2.3.27-8.el5_2.4

10.99.16.11 is the master/producer, and can be used as an authentication server. Its slapd.conf is:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/DUAConfigProfile.schema
include /etc/openldap/schema/solaris.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by dn.base="cn=Manager,dc=mydomain,dc=com" write
by * none
access to *
by self write
by dn.base="cn=Manager,dc=mydomain,dc=com" write
by * read

loglevel -1

database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"
rootpw {SSHA}Iex0F3m24GcxJMup71DpGMlGMgZDta9o

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100


10.99.16.7 is the slave/consumer. Its slapd.conf is:

include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/DUAConfigProfile.schema
include /etc/openldap/schema/solaris.schema

allow bind_v2

pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args

access to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by dn.base="cn=Manager,dc=mydomain,dc=com" write
by * none
access to *
by self write
by dn.base="cn=Manager,dc=mydomain,dc=com" write
by dn.base="cn=syncuser,dc=mydomain,dc=com" write
by * read

loglevel -1

database bdb
suffix "dc=mydomain,dc=com"
rootdn "cn=Manager,dc=mydomain,dc=com"

directory /var/lib/ldap

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub

syncrepl rid=123
provider=ldap://10.99.16.11:389
type=refreshOnly
interval=01:00:00:00
searchbase="dc=mydomain,dc=com"
filter="(objectClass=*)"
scope=sub
attrs="*"
schemachecking=off
bindmethod=simple
binddn="cn=syncuser,dc=mydomain,dc=com"
credentials=aa11

updateref ldap://10.99.16.11


When I start ldap on .7, I get:

Jul 30 09:30:12 unix-services2 slapd[8391]: slapd starting
Jul 30 09:30:12 unix-services2 slapd[8391]: daemon: added 4r
Jul 30 09:30:12 unix-services2 slapd[8391]: daemon: added 7r
Jul 30 09:30:12 unix-services2 slapd[8391]: daemon: select: listen=7 active_threads=0 tvp=zero
Jul 30 09:30:12 unix-services2 slapd[8391]: =>do_syncrepl
Jul 30 09:30:12 unix-services2 slapd[8391]: do_syncrep1: ldap_sasl_bind_s failed (49)
Jul 30 09:30:12 unix-services2 slapd[8391]: daemon: shutdown requested and initiated.
Jul 30 09:30:12 unix-services2 slapd[8391]: daemon: closing 7
Jul 30 09:30:12 unix-services2 slapd[8391]: slapd shutdown: waiting for 0 threads to terminate
Jul 30 09:30:12 unix-services2 slapd[8391]: slapd shutdown: initiated
Jul 30 09:30:12 unix-services2 slapd[8391]: ====> bdb_cache_release_all
Jul 30 09:30:12 unix-services2 slapd[8391]: slapd destroy: freeing system resources.
Jul 30 09:30:12 unix-services2 slapd[8391]: slapd stopped.


.11 says:

Jul 30 08:55:18 test1 slapd[4919]: daemon: read active on 13
Jul 30 08:55:18 test1 slapd[4919]: connection_get(13)
Jul 30 08:55:18 test1 slapd[4919]: connection_get(13): got connid=0
Jul 30 08:55:18 test1 slapd[4919]: connection_read(13): checking for input on id=0
Jul 30 08:55:18 test1 slapd[4919]: ber_get_next on fd 13 failed errno=11 (Resource temporarily unavailable)
Jul 30 08:55:18 test1 slapd[4919]: daemon: select: listen=7 active_threads=0 tvp=NULL
Jul 30 08:55:18 test1 slapd[4919]: daemon: select: listen=8 active_threads=0 tvp=NULL
Jul 30 08:55:18 test1 slapd[4919]: do_bind
Jul 30 08:55:18 test1 slapd[4919]: >>> dnPrettyNormal: <cn=syncuser,dc=mydomain,dc=com>
Jul 30 08:55:18 test1 slapd[4919]: <<< dnPrettyNormal: <cn=syncuser,dc=mydomain,dc=com>, <cn=syncuser,dc=mydomain,dc=com>
Jul 30 08:55:18 test1 slapd[4919]: do_bind: version=3 dn="cn=syncuser,dc=mydomain,dc=com" method=128
Jul 30 08:55:18 test1 slapd[4919]: conn=0 op=0 BIND dn="cn=syncuser,dc=mydomain,dc=com" method=128
Jul 30 08:55:18 test1 slapd[4919]: ==> bdb_bind: dn: cn=syncuser,dc=mydomain,dc=com
Jul 30 08:55:18 test1 slapd[4919]: bdb_dn2entry("cn=syncuser,dc=mydomain,dc=com")
Jul 30 08:55:18 test1 slapd[4919]: => bdb_dn2id("cn=syncuser,dc=mydomain,dc=com")
Jul 30 08:55:18 test1 slapd[4919]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
Jul 30 08:55:18 test1 slapd[4919]: send_ldap_result: conn=0 op=0 p=3
Jul 30 08:55:18 test1 slapd[4919]: send_ldap_result: err=49 matched="" text=""
Jul 30 08:55:18 test1 slapd[4919]: send_ldap_response: msgid=1 tag=97 err=49
Jul 30 08:55:18 test1 slapd[4919]: conn=0 op=0 RESULT tag=97 err=49 text=


However, I can log in to a client that is using .11 as "syncuser" with "aa11" as the password. So this isn't a cut-and-dried authentication failure. Maybe an ACL issue, or ??? But it's got me stumped.
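Added diagnostic, not part of the original post. The provider's debug log is the key evidence: immediately before `err=49` the backend reports `bdb_dn2id: get failed: DB_NOTFOUND` for the bind DN. slapd returns invalidCredentials (49) both for a wrong password and for a DN that has no entry at all, precisely so that a client cannot tell the two apart and enumerate DNs; on the server side the backend lookup line is what distinguishes them. The POSIX sh helpers below pull the bind DN and a verdict out of a slapd debug log, and check a DN against the output of `slapcat` on the provider. The log sample is constructed from the lines in the post, the LDIF sample and its entries are hypothetical, and `live_bind_check` assumes openldap-clients is installed on the consumer.

```shell
#!/bin/sh
# Diagnostic helpers for a syncrepl bind failure (added example, not from
# the original post). Assumes the provider log is available as text
# (loglevel -1 on CentOS goes through syslog) and that openldap-clients is
# installed on the consumer for the live check.

# Constructed sample: the relevant provider log lines from the post.
SAMPLE_LOG='Jul 30 08:55:18 test1 slapd[4919]: conn=0 op=0 BIND dn="cn=syncuser,dc=mydomain,dc=com" method=128
Jul 30 08:55:18 test1 slapd[4919]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30989)
Jul 30 08:55:18 test1 slapd[4919]: conn=0 op=0 RESULT tag=97 err=49 text='

# Constructed sample of what "slapcat -l provider.ldif" might produce on the
# provider. The entries are hypothetical; only the dn: lines matter here.
SAMPLE_LDIF='dn: dc=mydomain,dc=com
objectClass: dcObject
objectClass: organization
dc: mydomain
o: mydomain

dn: ou=People,dc=mydomain,dc=com
objectClass: organizationalUnit
ou: People
'

# bind_dn CONN LOG: print the DN the client tried to bind as on connection CONN.
bind_dn() {
    printf '%s\n' "$2" | sed -n "s/.*conn=$1 op=[0-9]* BIND dn=\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# classify_bind CONN LOG: explain the bind RESULT (tag=97) on connection CONN.
#   ok           err=0
#   no_such_dn   err=49 and the backend reported DB_NOTFOUND for the DN, i.e.
#                no entry with exactly that DN exists in the database
#   bad_password err=49 but the entry was found (userPassword mismatch, or the
#                ACL does not grant "auth" on userPassword to anonymous)
#   unknown      no bind result on that connection
classify_bind() {
    conn="$1"; log="$2"
    err=$(printf '%s\n' "$log" | sed -n "s/.*conn=$conn op=[0-9]* RESULT tag=97 err=\([0-9]*\).*/\1/p" | head -n 1)
    case "$err" in
        0) echo ok ;;
        49)
            if printf '%s\n' "$log" | grep -q 'bdb_dn2id: get failed: DB_NOTFOUND'; then
                echo no_such_dn
            else
                echo bad_password
            fi ;;
        '') echo unknown ;;
        *) echo "err=$err" ;;
    esac
}

# dn_in_ldif DN LDIF: succeed if an entry with exactly this DN is in the dump.
# Comparison is case-insensitive and ignores spaces after commas, which is
# enough for simple DNs like these (not a full RFC 4514 normalisation).
dn_in_ldif() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/, */,/g')
    printf '%s\n' "$2" | sed -n 's/^dn: *//p' | tr 'A-Z' 'a-z' | sed 's/, */,/g' | grep -qxF -- "$want"
}

# live_bind_check PROVIDER_URI BINDDN PASSFILE: reproduce the consumer's bind
# from the consumer host without putting the password on the command line
# (hypothetical usage: live_bind_check ldap://10.99.16.11 "cn=syncuser,dc=mydomain,dc=com" /root/syncpw).
live_bind_check() {
    ldapwhoami -x -H "$1" -D "$2" -y "$3"
}

# Stand-alone run over the constructed samples.
dn=$(bind_dn 0 "$SAMPLE_LOG")
echo "bind dn: $dn"
echo "verdict: $(classify_bind 0 "$SAMPLE_LOG")"
if dn_in_ldif "$dn" "$SAMPLE_LDIF"; then
    echo "an entry with dn $dn exists in the dump"
else
    echo "no entry with dn $dn in the dump; the syncrepl binddn must be a real entry on the provider"
fi
```

Whatever the missing entry turns out to be, a few related points are worth checking in the configs as posted. On the provider the syncrepl binddn only needs read access to the replicated subtree; the consumer-side `by dn.base="cn=syncuser,..." write` grant does nothing for replication, because the consumer applies incoming changes internally with rootdn privileges. The consumer binds with `bindmethod=simple` over plain `ldap://` and keeps the password in slapd.conf, so the syncuser credential crosses the network in the clear on every refresh; syncrepl in 2.3 accepts `starttls=critical` to require TLS on that connection. `loglevel -1` logs every category, including bind DNs and per-operation detail as seen above, and belongs only on a debugging session. And a `{SSHA}` rootpw hash is still an offline-crackable secret; once it has been pasted into a public thread it should be treated as disclosed and rotated.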