Quoting Buchan Milne <[email protected]>:

> On Thursday, 26 November 2009 16:35:00 [email protected] wrote:
> > Hello guys,
> >
> > I'm meeting an issue when configuring ldap replication.
> > The synchronisation account doesn't authenticate with the provider.
> >
> > Here are my configuration files:
> >
> > /etc/ldap/slapd.conf (provider):
> > -----------------------
> > moduleload syncprov
> > database bdb
> > overlay syncprov
> > syncprov-checkpoint 100 10
> > syncprov-sessionlog 100
> >
> > index objectClass,entryCSN,entryUUID eq
> >
> > /etc/ldap/slapd.conf (consumer):
> > --------------------------
> > Syncrepl rid=666
> >     provider=ldaps://provider.domain.tld:636/
> >     type=refreshOnly
> >     retry="60 10 600 +"
> >     interval=00:00:30:00
> >     searchbase="dc=domain,dc=tld"
> >     scope=sub
> >     schemachecking=on
> >     bindmethod=simple
> >     binddn="cn=syncrepluser,dc=domain,dc=tld"
> >     credentials=secret
> >
> > Errors below:
> > From consumer
> >
> > ------------
> > slap_client_connect: URI=ldaps://provider.domain.tld:636/ DN="cn=syncrepluser,dc=domain,dc=tld" ldap_sasl_bind_s failed (49)
> > do_syncrepl: rid=666 retrying (9 retries left)
> >
> > From provider
> >
> > ------------
> > Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3 dn="cn=syncrepluser,dc=domain,dc=tld" method=128
> > Nov 26 15:28:47 provider slapd[2514]: bdb_dn2entry("cn=syncrepluser,dc=domain,dc=tld")
> > Nov 26 15:28:47 provider slapd[2514]: => bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld")
> > Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
>
> The DN you specified doesn't seem to exist.
>
> > Nov 26 15:28:47 provider slapd[2514]: send_ldap_result: conn=3 op=0 p=3
> > Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
> > Nov 26 15:28:47 provider slapd[2514]: connection_get(14): got connid=3
> > Nov 26 15:28:47 provider slapd[2514]: connection_read(14): checking for input on id=3
> > Nov 26 15:28:47 provider slapd[2514]: ber_get_next on fd 14 failed errno=0 (Success)
> > Nov 26 15:28:47 provider slapd[2514]: connection_closing: readying conn=3 sd=14 for close
> > Nov 26 15:28:47 provider slapd[2514]: connection_close: deferring conn=3 sd=14
> > Nov 26 15:28:47 provider slapd[2514]: conn=3 op=1 do_unbind
> > Nov 26 15:28:47 provider slapd[2514]: connection_resched: attempting closing conn=3 sd=14
> > Nov 26 15:28:47 provider slapd[2514]: connection_close: conn=3 sd=14
> >
> >
> > Do I have to create an account in the ldap tree?
>
> Syncrepl performs an LDAP search against the provider. As with any ldap
> search, it needs to perform a bind as an identity that has sufficient access
> to retrieve the data it needs to replicate the directory content. You could
> either use the rootdn on the provider (not recommended) or anonymous access
> (not recommended) with a totally unsecured provider, or you need to use a DN
> that has been granted sufficient access.
>
> See for example:
> http://www.openldap.org/doc/admin24/replication.html#Set%20up%20the%20consumer%20slapd
>
> (unfortunately, the preceding section doesn't show the access controls
> mentioned, nor the creation of the DN)
>
> > Is there a problem using SSL?
>
> A problem with SSL wouldn't give you an "invalid credentials" error.
>
> Regards,
> Buchan

Ok thanks Buchan, I only had to create an account.
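
The reading of the provider log in the reply above, as an added example that is not part of the original thread: the consumer only ever sees error 49, so the provider's debug output is what tells a missing bind DN apart from a rejected password. The function name, verdict strings and the second (`cn=other`) log entry are constructed for illustration, and the code assumes the lines of one bind are contiguous, as they are in the thread.

```python
import re

# Constructed sample: abridged provider lines from the thread, followed by a
# made-up second bind (cn=other) that fails without a DB_NOTFOUND lookup miss.
SAMPLE_LOG = '''\
Nov 26 15:28:47 provider slapd[2514]: do_bind: version=3 dn="cn=syncrepluser,dc=domain,dc=tld" method=128
Nov 26 15:28:47 provider slapd[2514]: => bdb_dn2id("cn=syncrepluser,dc=domain,dc=tld")
Nov 26 15:28:47 provider slapd[2514]: <= bdb_dn2id: get failed: DB_NOTFOUND: No matching key/data pair found (-30990)
Nov 26 15:28:47 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
Nov 26 15:29:10 provider slapd[2514]: do_bind: version=3 dn="cn=other,dc=domain,dc=tld" method=128
Nov 26 15:29:10 provider slapd[2514]: => bdb_dn2id("cn=other,dc=domain,dc=tld")
Nov 26 15:29:10 provider slapd[2514]: send_ldap_response: msgid=1 tag=97 err=49
'''

BIND = re.compile(r'do_bind: version=\d+ dn="([^"]*)" method=\d+')
# tag=97 (0x61) is the LDAP BindResponse; err is the LDAP result code.
RESP = re.compile(r'send_ldap_response: .*\btag=97\b.*\berr=(\d+)')
DN_MISSING = "bind DN not in database"
REJECTED = "entry found, bind rejected"  # wrong password, no userPassword, or ACL

def classify_binds(log_text):
    """Return [(dn, verdict)] for each bind response in slapd debug output.

    Heuristic, assuming one connection at a time: a DB_NOTFOUND between
    do_bind and its response means the back-bdb DN lookup found no entry.
    """
    results, dn, missing = [], None, False
    for line in log_text.splitlines():
        bind = BIND.search(line)
        resp = RESP.search(line)
        if bind:
            dn, missing = bind.group(1), False
        elif dn is not None and "bdb_dn2id: get failed: DB_NOTFOUND" in line:
            missing = True
        elif dn is not None and resp:
            err = int(resp.group(1))
            if err == 0:
                verdict = "ok"
            elif err == 49:
                verdict = DN_MISSING if missing else REJECTED
            else:
                verdict = f"other error {err}"
            results.append((dn, verdict))
            dn = None
    return results

if __name__ == "__main__":
    for bind_dn, verdict in classify_binds(SAMPLE_LOG):
        print(f"{bind_dn}: {verdict}")
```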
