[Samba] Samba + OpenLdap replication problem

robert at ruegner.org robert at ruegner.org
Mon Oct 4 11:35:01 GMT 2004


Mattia schrieb:

> Paul Gienger wrote:
>
>>
>>> not sure if I can ask here, because this sounds to me more an 
>>> OpenLdap than a Samba problem, but it involves samba too.
>>
>>
>>
>> Nope, it's just openldap at this point.  It's hard to say exactly 
>> what your issue is without knowing how your slapd.conf files are set up.
>
>
> Thanks Paul. Here are slapd.conf files on master and slave servers
>
>
> ********************
> ****** MASTER ******
> ********************
>
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 
> 23:19:14 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> # NOTE(review): that applies with full force here, since rootpw and the
> # replica credentials further down are stored in this file in cleartext.
> #
> # Schema files loaded by the master; samba.schema supplies the samba*
> # attributes indexed below.
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> include        /etc/openldap/schema/samba.schema
> include        /etc/openldap/schema/redhat/autofs.schema
>
> # NOTE(review): bind_v2 makes slapd accept LDAPv2 bind requests; keep it
> # only if some client still needs LDAPv2 -- confirm.
> allow bind_v2
>
> pidfile    /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> # Master database for the dc=mydomain,dc=myorg,dc=it suffix.
> # The rootdn is not subject to the access rules further down.
> database    ldbm
> suffix        "dc=mydomain,dc=myorg,dc=it"
> rootdn        "cn=Manager,dc=mydomain,dc=myorg,dc=it"
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # NOTE(review): the value below is cleartext; rootpw also accepts the
> # hashed form that slappasswd(8) prints, which keeps the password itself
> # out of the file.
> rootpw        mypass
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory    /var/lib/ldap
>
> # Indices to maintain for this database
> # (eq = equality, pres = presence, sub = substring matching)
> index objectClass        eq
> index cn            pres,sub,eq
> index sn            pres,sub,eq
> index uid            pres,sub,eq
> index displayName        pres,sub,eq
> index uidNumber            eq
> index gidNumber            eq
> index memberUid            eq
> index sambaSID            eq
> index sambaPrimaryGroupSID    eq
> index sambaDomainName        eq
> index default            sub
>
> #############################
> # Replicas of this database #
> #############################
>
> # slapd records changes in this log; slurpd reads it and pushes them to
> # the replica defined below.
> replogfile /var/log/slurpd.replog
>
> # NOTE(review): bindmethod=simple with tls=no sends the replicator DN and
> # its password unencrypted to the replica on every push; unless the link
> # is protected some other way, enable TLS for it (tls option, slapd.conf(5)).
> # NOTE(review): the binddn used here has to be the DN the slave names in
> # updatedn. The slave config in this post names cn=Manager instead, which
> # looks relevant to the replication problem -- confirm.
> replica    host=bdc.mydomain.myorg.it:389
>     tls=no
>     binddn="cn=replicator,dc=mydomain,dc=myorg,dc=it"
>     bindmethod=simple
>     credentials=password
>
> # Two rules: the first covers entries below the suffix, the second the
> # suffix entry itself.
> # NOTE(review): "by * read" lets any client, anonymous included, read every
> # attribute of every entry. With samba.schema accounts that presumably
> # includes userPassword, sambaLMPassword and sambaNTPassword. A rule for
> # those attributes, placed before these two and limited to self, the
> # replicator and anonymous auth, would keep the hashes private -- confirm
> # against the deployment. The slave's first rule is already tighter
> # (by anonymous auth / by * none).
> # NOTE(review): slurpd binds as cn=replicator on the replica, so the write
> # grant to it here on the master is presumably unnecessary.
> access    to dn=".*,dc=mydomain,dc=myorg,dc=it"
>     by dn="cn=replicator,dc=mydomain,dc=myorg,dc=it"    write
>     by self                            write
>     by *                            read
> access    to dn="dc=mydomain,dc=myorg,dc=it"
>     by dn="cn=replicator,dc=mydomain,dc=myorg,dc=it"    write
>     by self                            write
>     by *                            read
>
>
>
>
> ********************
> ****** SLAVE *******
> ********************
>
>
> # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 
> 23:19:14 kurt Exp $
> #
> # See slapd.conf(5) for details on configuration options.
> # This file should NOT be world readable.
> # NOTE(review): the slave's copy holds a cleartext rootpw too, so the same
> # file-permission requirement applies on this host.
> #
> # Schema files loaded by the slave; the list is the same as on the master.
> include        /etc/openldap/schema/core.schema
> include        /etc/openldap/schema/cosine.schema
> include        /etc/openldap/schema/inetorgperson.schema
> include        /etc/openldap/schema/nis.schema
> include        /etc/openldap/schema/samba.schema
> include        /etc/openldap/schema/redhat/autofs.schema
>
> # NOTE(review): bind_v2 makes slapd accept LDAPv2 bind requests; keep it
> # only if some client still needs LDAPv2 -- confirm.
> allow bind_v2
>
> pidfile    /var/run/slapd.pid
> argsfile /var/run/slapd.args
>
> #######################################################################
> # ldbm and/or bdb database definitions
> #######################################################################
>
> # Replica database for the same suffix as the master.
> # The rootdn is not subject to the access rules further down.
> database    ldbm
> suffix        "dc=mydomain,dc=myorg,dc=it"
> rootdn        "cn=Manager,dc=mydomain,dc=myorg,dc=it"
>
> # Cleartext passwords, especially for the rootdn, should
> # be avoided.  See slappasswd(8) and slapd.conf(5) for details.
> # Use of strong authentication encouraged.
> # NOTE(review): the value below is cleartext; rootpw also accepts the
> # hashed form that slappasswd(8) prints.
> rootpw        mypass
>
> # The database directory MUST exist prior to running slapd AND
> # should only be accessible by the slapd and slap tools.
> # Mode 700 recommended.
> directory    /var/lib/ldap/replica
> # NOTE(review): updatedn is the DN allowed to apply replicated changes on
> # this slave. The master's replica directive in this post binds as
> # cn=replicator, not cn=Manager, so the two do not match; updates arriving
> # as cn=replicator would not be accepted as replication -- likely relevant
> # to the reported problem, confirm. Using the rootdn as updatedn also gives
> # the replication identity unrestricted access; a dedicated DN is narrower.
> updatedn    "cn=Manager,dc=mydomain,dc=myorg,dc=it"
> # NOTE(review): updateref is the referral returned to clients that try to
> # write to this replica, so it would normally name the master.
> # bdc.mydomain.myorg.it is the host the master lists as its replica,
> # i.e. apparently this server itself -- confirm.
> updateref    ldap://bdc.mydomain.myorg.it
>
> # Indices to maintain for this database
> # (eq = equality, pres = presence, sub = substring matching)
> index objectClass        eq
> index cn            pres,sub,eq
> index sn            pres,sub,eq
> index uid            pres,sub,eq
> index displayName        pres,sub,eq
> index uidNumber            eq
> index gidNumber            eq
> index memberUid            eq
> index sambaSID            eq
> index sambaPrimaryGroupSID    eq
> index sambaDomainName        eq
> index default            sub
>
>
> #############################
> # Replicas of this database #
> #############################
>
> # Only access rules follow on the slave (no replica directive).
> # First rule, entries below the suffix: replicator and self may write,
> # anonymous clients may only authenticate, everyone else gets nothing.
> # Second rule, the suffix entry itself: readable by anyone.
> # NOTE(review): the write grants to cn=replicator suggest it was meant to
> # be the replication identity, yet updatedn above names cn=Manager --
> # confirm which DN is intended and make the two agree.
> # NOTE(review): the first rule is stricter than the master's "by * read";
> # if that restriction is intentional the master should carry it as well,
> # otherwise the same data stays readable there.
> access    to dn=".*,dc=mydomain,dc=myorg,dc=it"
>     by dn="cn=replicator,dc=mydomain,dc=myorg,dc=it"    write
>     by self                            write
>     by anonymous                        auth
>     by *                            none
> access    to dn="dc=mydomain,dc=myorg,dc=it"
>     by self                            write
>     by dn="cn=replicator,dc=mydomain,dc=myorg,dc=it"    write
>     by *                            read
>
>
>
>
> Thanks in advance for any help
>
> Bye... Mattia

Hi, have you checked that nscd has been killed on the slave LDAP server? 
A running nscd causes trouble there, because it caches name-service lookups and can keep answering with stale data.
Regards

