Hi David, I'm not sure about that, but I haven't figured out why the credentials have to be in cleartext; that was the only way I got syncrepl working, since I tried it with SSHA or MD5 prefixes. Did you try that in cleartext?

just my two bucks and a half
benjamin

On Wed, Mar 10, 2010 at 10:01, [email protected] <[email protected]> wrote:
> Hi all,
>
> i have a problem getting openldap to run monitor backend AND syncrepl
> overlay.
> i'm running freebsd-7.2-release-p6 in combination with
> openldap-server-2.4.19 with sasl support compiled in.
>
> i use the following slapd config:
>
> include /usr/local/etc/openldap/schema/core.schema
> include /usr/local/etc/openldap/schema/cosine.schema
> include /usr/local/etc/openldap/schema/nis.schema
> include /usr/local/etc/openldap/schema/inetorgperson.schema
> include /usr/local/etc/openldap/schema/misc.schema
> include /usr/local/etc/openldap/schema/ldapns.schema
> include /usr/local/etc/openldap/schema/radius.schema
>
> pidfile /var/run/openldap/slapd.pid
> argsfile /var/run/openldap/slapd.args
> logfile /var/log/slapd.log
>
> password-hash {SSHA}
> modulepath /usr/local/libexec/openldap
> moduleload back_bdb
> moduleload back_monitor
>
> access to dn.base="" by * read
> access to dn.base="cn=Subschema" by * read
> access to *
>     by ssf=128 dn="cn=admin,dc=example,dc=de" write
>     by dn="cn=admin,dc=example,dc=de" peername.ip=127.0.0.1 write
>     by ssf=96 dn="cn=nssadmin,dc=example,dc=de" read
>     by dn="cn=nssadmin,dc=example,dc=de" peername.ip=127.0.0.1 read
>     by anonymous auth
>     by * none
> access to attrs=userPassword
>     by self write
>     by anonymous auth
>     by * none
>
> database bdb
> suffix "dc=example,dc=de"
> rootdn "dc=example,dc=de"
> directory /var/db/openldap-data
> index objectClass,entryCSN,entryUUID eq
> index uid pres,eq,sub
> index memberUID eq
> index uidNumber,gidNumber eq
> index host eq
>
> database monitor
> rootdn "cn=monitoring,cn=Monitor"
> rootpw monitoring
>
> access to dn.subtree="cn=Monitor"
>     by dn="cn=nssadmin,dc=example,dc=de"
>     by * none
>
> syncrepl rid=041
>     provider=ldap://ldap-master.example.de
>     type=refreshOnly
>     interval=00:00:35:00
>     searchbase="dc=example,dc=de"
>     schemachecking=off
>     bindmethod=simple
>     starttls=yes
>     binddn="cn=syncuser,dc=example,dc=de"
>     credentials="strongsecretpassword"
>
> TLSCertificateFile /usr/local/etc/openldap/ssl/ldap-crt.pem
> TLSCertificateKeyFile /usr/local/etc/openldap/ssl/ldap-key.pem
> TLSCACertificateFile /usr/local/etc/openldap/ssl/cacert.pem
>
> loglevel 256
>
> now, when i run slaptest i receive the following error:
>
> /usr/local/etc/openldap/slapd.conf: line 59: database monitor does not
> support operations required for syncrepl
> slaptest: bad configuration file!
>
> Line 59 corresponds to the credentials option in the syncrepl statement.
> i can't figure out what's wrong, so if anyone can point me in the right
> direction that would be really helpful.
>
> thanks in advance,
> david
> -- To be or not to be -- Shakespeare | To do is to be -- Nietzsche | To be is to do -- Sartre | Do be do be do -- Sinatra
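
Added example, not part of the thread or of OpenLDAP: slapd.conf applies database-specific directives to the most recent `database` line, and in the quoted file `syncrepl` follows `database monitor`, the database the slaptest error names. The sketch maps each directive to its database and flags that placement plus a `rootpw` that is not hashed; `SAMPLE_CONF`, `logical_lines` and `audit` are hypothetical names, and the sample is a constructed, trimmed copy of the quoted layout.

```python
# Constructed sample: a trimmed copy of the section layout in the quoted slapd.conf.
SAMPLE_CONF = """\
database bdb
suffix "dc=example,dc=de"
rootdn "dc=example,dc=de"

database monitor
rootdn "cn=monitoring,cn=Monitor"
rootpw monitoring

syncrepl rid=041
    provider=ldap://ldap-master.example.de
    bindmethod=simple
    binddn="cn=syncuser,dc=example,dc=de"
    credentials="strongsecretpassword"
"""

def logical_lines(text):
    """Yield (first_line_no, directive_text); a line that starts with
    whitespace continues the previous one, as in slapd.conf(5)."""
    current, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t" and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), no
    if current is not None:
        yield start, current

def audit(text):
    """Return (line_no, database, finding) tuples for the two checks below."""
    findings, db = [], "global"
    for no, line in logical_lines(text):
        parts = line.split(None, 1)
        name, rest = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if name == "database" and rest:
            db = rest.split()[0].lower()  # later directives belong to this database
        elif name == "syncrepl" and db == "monitor":
            findings.append((no, db, "syncrepl attached to the monitor database"))
        elif name == "rootpw" and not rest.strip('"').startswith("{"):
            findings.append((no, db, "rootpw is not a hashed value"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The reported line number is the first line of a continued directive, whereas the slaptest message in the thread points at its last line.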
