NethServer Version: v7rc3
Module: openldap
Hi all,
I have spent hours trying unsuccessfully to set up a two-node Master-Master NS LDAP replication. I need to replicate the NS server (mainly only mail services are set up) to a second node. I intend to have a live copy of the primary node data replicate to the second node. Let me mention that I am a novice in LDAP stuff.
When testing the replication, the NS logs are giving me this error:
slapd[6437]: slap_client_connect: URI=ldap://ns1.example.com DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (49)
slapd[6437]: do_syncrepl: rid=000 rc 49 retrying
I believe this error is to do with login failure from a different host (both are in the same LAN). Also, if I run this command from the same host, I can log in and retrieve info:
ldapsearch -h localhost -D "cn=libuser,dc=directory,dc=nh" -w `cat /var/lib/nethserver/secrets/libuser` -b "ou=People,dc=directory,dc=nh"
But if I run the following from the other host,
ldapsearch -h "other.example.com" -D "cn=libuser,dc=directory,dc=nh" -w `cat /var/lib/nethserver/secrets/libuser` -b "ou=People,dc=directory,dc=nh"
I get this error;
ldap_bind: Invalid credentials (49)
I have followed the guides listed below this post to help me set up LDAP replication.
My SyncRepl ldif is as follows;
I have adjusted the olcServerID: , olcSyncRepl: rid=, & provider= accordingly for the second node
```ldif
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1

dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldap://ns1.example.com:389/
  bindmethod=simple
  binddn="cn=admin,dc=directory,dc=nh"
  credentials=<admin passwd>
  searchbase="dc=directory,dc=nh"
  scope=sub
  schemachecking=on
  type=refreshAndPersist
  retry="30 5 300 3"
  interval=00:00:05:00
-
add: olcMirrorMode
olcMirrorMode: TRUE

dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
```
I have also tried to substitute my domain in dc=directory,dc=nh with dc=example,dc=com
In binddn= I have also tried "cn=admin,ou=People,dc=directory,dc=nh" and even, in despair, uid=admin,ou=People,dc=directory,dc=nh !!
In searchbase= I have also tried "ou=People,dc=directory,dc=nh"
In short, it seems I just can't get the correct attribute to address for the login from the other node.
I would really appreciate it if someone can assist me.
My setup links sources;
http://www.barryodonovan.com/2013/01/28/multi-master-ldap-replication
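
An added example, not part of the original post: a small Python check that parses an olcSyncRepl value and slapd bind-failure lines like those quoted above. It reports the LDAP result code, whether the DN slapd logged differs from the configured binddn, and whether the simple bind runs over ldap:// without StartTLS. The function names and finding labels are assumptions made for illustration, and the credential is a constructed placeholder.

```python
import re
import shlex
from urllib.parse import urlparse

# LDAP result codes relevant to a failed replication bind (RFC 4511).
RESULT_CODES = {49: "invalidCredentials", 50: "insufficientAccessRights"}
BIND_FAIL = re.compile(
    r'slap_client_connect: URI=(?P<uri>\S+) DN="(?P<dn>[^"]*)" '
    r'ldap_sasl_bind_s failed \((?P<rc>-?\d+)\)')

def parse_syncrepl(value):
    """Split an olcSyncRepl value into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(value))

def norm_dn(dn):
    """Case-fold a DN and drop whitespace around RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(syncrepl_value, log_lines):
    """Return finding labels (hypothetical names) for one consumer config."""
    cfg = parse_syncrepl(syncrepl_value)
    findings = []
    # A simple bind over ldap:// without StartTLS sends the password in cleartext.
    scheme = urlparse(cfg.get("provider", "")).scheme
    if (cfg.get("bindmethod") == "simple" and scheme == "ldap"
            and cfg.get("starttls") not in ("yes", "critical")):
        findings.append("cleartext-simple-bind")
    for line in log_lines:
        m = BIND_FAIL.search(line)
        if not m:
            continue
        rc = int(m["rc"])
        findings.append("bind-failed:" + RESULT_CODES.get(rc, str(rc)))
        # slapd logs the DN it actually bound with; a mismatch means the
        # consumer was not using the binddn given in this value.
        if norm_dn(m["dn"]) != norm_dn(cfg.get("binddn", "")):
            findings.append("binddn-mismatch:" + m["dn"])
    return findings

# Values copied from the post; the credential is a constructed placeholder.
SYNCREPL = ('rid=001 provider=ldap://ns1.example.com:389/ bindmethod=simple '
            'binddn="cn=admin,dc=directory,dc=nh" credentials=PLACEHOLDER '
            'searchbase="dc=directory,dc=nh" scope=sub schemachecking=on '
            'type=refreshAndPersist retry="30 5 300 3" interval=00:00:05:00')
LOG = ['slapd[6437]: slap_client_connect: URI=ldap://ns1.example.com '
       'DN="cn=admin,dc=example,dc=com" ldap_sasl_bind_s failed (49)',
       'slapd[6437]: do_syncrepl: rid=000 rc 49 retrying']

if __name__ == "__main__":
    print("\n".join(audit(SYNCREPL, LOG)))
```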