I figured out why; credentials= doesn't ignore ' ' ...
-----Original Message-----
From: Loc Nguyen <nguyenbloc@tuluc.com>
Sent: Monday, 23. Feb 2004 19:03 -0800
To: samba@lists.samba.org
Subject: [Samba] (no subject)

Hi list,

I'm getting stuck at the replication part for my BDC. Could someone familiar with OpenLDAP replication shed some light? I'm sure that the password is correct.

Thanks for taking a look!

1. slapd.conf (master)

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
#
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
include /etc/samba/samba.acl
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=tuluc,dc=com"
rootdn "cn=Manager,dc=tuluc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secrete
#rootpw {MD5}QL5OWbmiorXf+5GMDoaz1w=
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
################################################################
#replica
password-hash {MD5}
replogfile /var/lib/ldap/replica.log
replica host=192.168.4.2:389
        binddn="cn=replicator,dc=tuluc,dc=com"
        bindmethod=simple
        credentials='mybdc'
loglevel 65535
#################################################################
# Indices to maintain
## required by OpenLDAP
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
## required to support pdb_getsampwnam
index uid pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName pres,sub,eq
## uncomment these if you are storing posixAccount and
## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub

2. slapd.conf (slave)

# $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.23.2.8 2003/05/24 23:19:14 kurt Exp $
#
# See slapd.conf(5) for details on configuration options.
#
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/samba.schema
pidfile /usr/local/var/slapd.pid
argsfile /usr/local/var/slapd.args
#######################################################################
# ldbm database definitions
#######################################################################
database bdb
suffix "dc=tuluc,dc=com"
rootdn "cn=Manager,dc=tuluc,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secrete
#rootpw {MD5}QL5OWbmiorXf+5GMDoaz1w=
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
#################################################################
# Indices to maintain
## required by OpenLDAP
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
## required to support pdb_getsampwnam
index uid pres,sub,eq
## required to support pdb_getsambapwrid()
index displayName pres,sub,eq
## uncomment these if you are storing posixAccount and
## posixGroup entries in the directory as well
index uidNumber eq
index gidNumber eq
index memberUid eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
## for testing I open ACL wide open
access to *
        by dn="cn=Manager,dc=tuluc,dc=com" write
        by dn="cn=replicator,dc=tuluc,dc=com" write
        by * read
updatedn "cn=replicator,dc=tuluc,dc=com"
updateref ldap://192.168.5.3
loglevel 65535

3. Log from the master slurpd

begin replication thread for 192.168.4.2:389
Initializing session to 192.168.4.2:389
ldap_create
bind to 192.168.4.2:389 as cn=replicator,dc=tuluc,dc=com (simple)
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.4.2:389
ldap_new_socket: 8
ldap_prepare_socket: 8
ldap_connect_to_host: Trying 192.168.4.2:389
ldap_connect_timeout: fd: 8 tm: -1 async: 0
ldap_ndelay_on: 8
ldap_is_sock_ready: 8
ldap_ndelay_off: 8
ldap_int_sasl_open: host=192.168.4.2
ldap_open_defconn: successful
ldap_send_server_request
ber_flush: 53 bytes to sd 8
0000: 30 33 02 01 01 60 2e 02 01 03 04 1d 63 6e 3d 72  03...`......cn=r
0010: 65 70 6c 69 63 61 74 6f 72 2c 64 63 3d 74 75 6c  eplicator,dc=tul
0020: 75 63 2c 64 63 3d 63 6f 6d 80 0a 27 74 75 6c 75  uc,dc=com..'tulu
0030: 63 62 64 63 27  cbdc'
ldap_write: want=53, written=53
0000: 30 33 02 01 01 60 2e 02 01 03 04 1d 63 6e 3d 72  03...`......cn=r
0010: 65 70 6c 69 63 61 74 6f 72 2c 64 63 3d 74 75 6c  eplicator,dc=tul
0020: 75 63 2c 64 63 3d 63 6f 6d 80 0a 27 74 75 6c 75  uc,dc=com..'tulu
0030: 63 62 64 63 27  cbdc'
ldap_result msgid 1
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
wait4msg (infinite timeout), msgid 1
wait4msg continue, msgid 1, all 1
** Connections:
* host: 192.168.4.2 port: 389 (default)
refcnt: 2 status: Connected
last used: Mon Feb 23 17:39:49 2004
** Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
** Response Queue:
Empty
ldap_chkResponseList for msgid=1, all=1
ldap_chkResponseList returns NULL
ldap_int_select
read1msg: msgid 1, all 1
ber_get_next
ldap_read: want=8, got=8
0000: 30 0c 02 01 01 61 07 0a  0....a..
ldap_read: want=6, got=6
0000: 01 31 04 00 04 00  1....
ber_get_next: tag 0x30 len 12 contents:
ber_dump: buf=0x080a4c98 ptr=0x080a4c98 end=0x080a4ca4 len=12
0000: 02 01 01 61 07 0a 01 31 04 00 04 00  ...a...1....
ldap_read: message type bind msgid 1, original id 1
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x080a4c98 ptr=0x080a4c9b end=0x080a4ca4 len=9
0000: 61 07 0a 01 31 04 00 04 00  a...1....
read1msg: 0 new referrals
read1msg: mark request completed, id = 1
request 1 done
res_errno: 0, res_error: , res_matched:
ldap_free_request (origid 1, msgid 1)
ldap_free_connection
ldap_free_connection: refcnt 1
ldap_parse_result
ber_scanf fmt ({iaa) ber:
ber_dump: buf=0x080a4c98 ptr=0x080a4c9b end=0x080a4ca4 len=9
0000: 61 07 0a 01 31 04 00 04 00  a...1....
ber_scanf fmt (}) ber:
ber_dump: buf=0x080a4c98 ptr=0x080a4ca4 end=0x080a4ca4 len=0
ldap_msgfree
ldap_err2string
Error: ldap_simple_bind_s for 192.168.4.2:389 failed: Invalid credentials
ldap_unbind
ldap_free_connection
ldap_send_unbind
ber_flush: 7 bytes to sd 8
0000: 30 05 02 01 02 42 00  0....B.
ldap_write: want=7, written=7
0000: 30 05 02 01 02 42 00  0....B.
ldap_free_connection: actually freed

4. Log from the slave

Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:44:36 localhost slapd[8287]: daemon: new connection on 9
Feb 23 17:44:36 localhost slapd[8287]: str2filter "(objectclass=*)"
Feb 23 17:44:36 localhost slapd[8287]: begin get_filter
Feb 23 17:44:36 localhost slapd[8287]: PRESENT
Feb 23 17:44:36 localhost slapd[8287]: end get_filter 0
Feb 23 17:44:36 localhost slapd[8287]: conn=0 fd=9 ACCEPT from IP=192.168.5.3:33370 (IP=0.0.0.0:389)
Feb 23 17:44:36 localhost slapd[8287]: daemon: added 9r
Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on:
Feb 23 17:44:36 localhost slapd[8287]:
Feb 23 17:44:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on:
Feb 23 17:44:36 localhost slapd[8287]: 9r
Feb 23 17:44:36 localhost slapd[8287]:
Feb 23 17:44:36 localhost slapd[8287]: daemon: read activity on 9
Feb 23 17:44:36 localhost slapd[8287]: connection_get(9)
Feb 23 17:44:36 localhost slapd[8287]: connection_get(9): got connid=0
Feb 23 17:44:36 localhost slapd[8287]: connection_read(9): checking for input on id=0
Feb 23 17:44:36 localhost slapd[8287]: do_bind
Feb 23 17:44:36 localhost slapd[8287]: ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
Feb 23 17:44:36 localhost slapd[8287]: >>> dnPrettyNormal:
Feb 23 17:44:36 localhost slapd[8287]: ,
Feb 23 17:44:36 localhost slapd[8287]: do_bind: version=3 dn="cn=replicator,dc=tuluc,dc=com" method=128
Feb 23 17:44:36 localhost slapd[8287]: conn=0 op=0 BIND dn="cn=replicator,dc=tuluc,dc=com" method=128
Feb 23 17:44:36 localhost slapd[8287]: ==> bdb_bind: dn: cn=replicator,dc=tuluc,dc=com
Feb 23 17:44:36 localhost slapd[8287]: bdb_dn2entry_rw("cn=replicator,dc=tuluc,dc=com")
Feb 23 17:44:36 localhost slapd[8287]: => bdb_dn2id_matched( "cn=replicator,dc=tuluc,dc=com" )
Feb 23 17:44:36 localhost slapd[8287]: access_allowed: auth access to "cn=replicator,dc=tuluc,dc=com" "userPassword" requested
Feb 23 17:44:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=1 tvp=NULL
Feb 23 17:44:36 localhost slapd[8287]: => acl_get: [1] check attr userPassword
Feb 23 17:44:36 localhost slapd[8287]: acl_mask: access to entry "cn=replicator
or,dc=tuluc,dc=com", attr "userPassword" requested
Feb 23 17:44:36 localhost slapd[8287]: => acl_mask: to all values by "", (=n)
Feb 23 17:44:36 localhost slapd[8287]: string_expand: pattern: cn=Manager,dc=tuluc,dc=com
Feb 23 17:44:36 localhost slapd[8287]: => string_expand: expanded: cn=Manager,dc=tuluc,dc=com
Feb 23 17:44:36 localhost slapd[8287]: => regex_matches: string:^I
Feb 23 17:44:36 localhost slapd[8287]: => regex_matches: rc: 1 no matches
Feb 23 17:44:36 localhost slapd[8287]: string_expand: pattern: cn=replicator,dc=tuluc,dc=com
Feb 23 17:44:36 localhost slapd[8287]: => string_expand: expanded: cn=replicator,dc=tuluc,dc=com
Feb 23 17:44:36 localhost slapd[8287]: => regex_matches: string:^I
Feb 23 17:44:36 localhost slapd[8287]: => regex_matches: rc: 1 no matches
Feb 23 17:44:36 localhost slapd[8287]: access_allowed: auth access granted by read(=rscx)
Feb 23 17:44:36 localhost slapd[8287]: send_ldap_result: conn=0 op=0 p=3
Feb 23 17:44:36 localhost slapd[8287]: send_ldap_result: err=49 matched="" text=""
Feb 23 17:44:36 localhost slapd[8287]: send_ldap_response: msgid=1 tag=97 err=49
Feb 23 17:44:36 localhost slapd[8287]: conn=0 op=0 RESULT tag=97 err=49 text
Feb 23 17:44:36 localhost slapd[8287]: ====> bdb_cache_return_entry_r( 21 ): created (0)
Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on:
Feb 23 17:44:36 localhost slapd[8287]: 9r
Feb 23 17:44:36 localhost slapd[8287]:
Feb 23 17:44:36 localhost slapd[8287]: daemon: read activity on 9
Feb 23 17:44:36 localhost slapd[8287]: connection_get(9)
Feb 23 17:44:36 localhost slapd[8287]: connection_get(9): got connid=0
Feb 23 17:44:36 localhost slapd[8287]: connection_read(9): checking for input on id=0
Feb 23 17:44:36 localhost slapd[8287]: ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
Feb 23 17:44:36 localhost slapd[8287]: do_unbind
Feb 23 17:44:36 localhost slapd[8287]: conn=0 op=1 UNBIND
Feb 23 17:44:36 localhost slapd[8287]: connection_closing: readying conn=0 sd=9 for close
Feb 23 17:44:36 localhost slapd[8287]: connection_resched: attempting closing conn=0 sd=9
Feb 23 17:44:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=1 tvp=NULL
Feb 23 17:44:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:44:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=1 tvp=NULL
Feb 23 17:44:36 localhost slapd[8287]: connection_close: conn=0 sd=9
Feb 23 17:44:36 localhost slapd[8287]: daemon: removing 9
Feb 23 17:44:36 localhost slapd[8287]: conn=0 fd=9 closed
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:45:36 localhost slapd[8287]: daemon: new connection on 9
Feb 23 17:45:36 localhost slapd[8287]: conn=1 fd=9 ACCEPT from IP=192.168.5.3:33371 (IP=0.0.0.0:389)
Feb 23 17:45:36 localhost slapd[8287]: daemon: added 9r
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on:
Feb 23 17:45:36 localhost slapd[8287]:
Feb 23 17:45:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=0 tvp=NULL
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on:
Feb 23 17:45:36 localhost slapd[8287]: 9r
Feb 23 17:45:36 localhost slapd[8287]:
Feb 23 17:45:36 localhost slapd[8287]: daemon: read activity on 9
Feb 23 17:45:36 localhost slapd[8287]: connection_get(9)
Feb 23 17:45:36 localhost slapd[8287]: connection_get(9): got connid=1
Feb 23 17:45:36 localhost slapd[8287]: connection_read(9): checking for input on id=1
Feb 23 17:45:36 localhost slapd[8287]: ber_get_next on fd 9 failed errno=11 (Resource temporarily unavailable)
Feb 23 17:45:36 localhost slapd[8287]: do_bind
Feb 23 17:45:36 localhost slapd[8287]: >>> dnPrettyNormal:
Feb 23 17:45:36 localhost slapd[8287]: ,
Feb 23 17:45:36 localhost slapd[8287]: do_bind: version=3 dn="cn=replicator,dc=tuluc,dc=com" method=128
Feb 23 17:45:36 localhost slapd[8287]: conn=1 op=0 BIND dn="cn=replicator,dc=tuluc,dc=com" method=128
Feb 23 17:45:36 localhost slapd[8287]: ==> bdb_bind: dn: cn=replicator,dc=tuluc,dc=com
Feb 23 17:45:36 localhost slapd[8287]: bdb_dn2entry_rw("cn=replicator,dc=tuluc,dc=com")
Feb 23 17:45:36 localhost slapd[8287]: => bdb_dn2id_matched( "cn=replicator,dc=tuluc,dc=com" )
Feb 23 17:45:36 localhost slapd[8287]: ====> bdb_cache_find_entry_dn2id("cn=replicator,dc=tuluc,dc=com"): 21 (1 tries)
Feb 23 17:45:36 localhost slapd[8287]: ====> bdb_cache_find_entry_id( 21 ) "cn=replicator,dc=tuluc,dc=com" (found) (1 tries)
Feb 23 17:45:36 localhost slapd[8287]: => access_allowed: auth access to "cn=replicator,dc=tuluc,dc=com" "userPassword" requested
Feb 23 17:45:36 localhost slapd[8287]: => acl_get: [1] check attr userPassword
Feb 23 17:45:36 localhost slapd[8287]: acl_mask: access to entry "cn=replicator,dc=tuluc,dc=com", attr "userPassword" requested
Feb 23 17:45:36 localhost slapd[8287]: => acl_mask: to all values by "", (=n)
Feb 23 17:45:36 localhost slapd[8287]: string_expand: pattern: cn=Manager,dc=tuluc,dc=com
Feb 23 17:45:36 localhost slapd[8287]: => string_expand: expanded: cn=Manager,dc=tuluc,dc=com
Feb 23 17:45:36 localhost slapd[8287]: => regex_matches: string:^I
Feb 23 17:45:36 localhost slapd[8287]: => regex_matches: rc: 1 no matches
Feb 23 17:45:36 localhost slapd[8287]: string_expand: pattern: cn=replicator,dc=tuluc,dc=com
Feb 23 17:45:36 localhost slapd[8287]: => string_expand: expanded: cn=replicator,dc=tuluc,dc=com
Feb 23 17:45:36 localhost slapd[8287]: => regex_matches: string:^I
Feb 23 17:45:36 localhost slapd[8287]: => regex_matches: rc: 1 no matches
Feb 23 17:45:36 localhost slapd[8287]: access_allowed: auth access granted by read(=rscx)
Feb 23 17:45:36 localhost slapd[8287]: send_ldap_result: conn=1 op=0 p=3
Feb 23 17:45:36 localhost slapd[8287]: send_ldap_result: err=49 matched="" text=""
Feb 23 17:45:36 localhost slapd[8287]: send_ldap_response: msgid=1 tag=97 err=49
Feb 23 17:45:36 localhost slapd[8287]: conn=1 op=0 RESULT tag=97 err=49 text
Feb 23 17:45:36 localhost slapd[8287]: ====> bdb_cache_return_entry_r( 21 ): returned (0)
Feb 23 17:45:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=1 tvp=NULL
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on:
Feb 23 17:45:36 localhost slapd[8287]: 9r
Feb 23 17:45:36 localhost slapd[8287]:
Feb 23 17:45:36 localhost slapd[8287]: daemon: read activity on 9
Feb 23 17:45:36 localhost slapd[8287]: connection_get(9)
Feb 23 17:45:36 localhost slapd[8287]: connection_get(9): got connid=1
Feb 23 17:45:36 localhost slapd[8287]: connection_read(9): checking for input on id=1
Feb 23 17:45:36 localhost slapd[8287]: ber_get_next on fd 9 failed errno=0 (Success)
Feb 23 17:45:36 localhost slapd[8287]: connection_read(9): input error=-2 id=1, closing.
Feb 23 17:45:36 localhost slapd[8287]: connection_closing: readying conn=1 sd=9 for close
Feb 23 17:45:36 localhost slapd[8287]: connection_close: deferring conn=1 sd=9
Feb 23 17:45:36 localhost slapd[8287]: do_unbind
Feb 23 17:45:36 localhost slapd[8287]: conn=1 op=1 UNBIND
Feb 23 17:45:36 localhost slapd[8287]: connection_resched: attempting closing conn=1 sd=9
Feb 23 17:45:36 localhost slapd[8287]: connection_close: conn=1 sd=9
Feb 23 17:45:36 localhost slapd[8287]: daemon: removing 9
Feb 23 17:45:36 localhost slapd[8287]: conn=1 fd=9 closed
Feb 23 17:45:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=1 tvp=NULL
Feb 23 17:45:36 localhost slapd[8287]: daemon: activity on 1 descriptors
Feb 23 17:45:36 localhost slapd[8287]: daemon: select: listen=6 active_threads=0 tvp=NULL
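
The slurpd hex dump in the message above already carries the evidence for the conclusion in the first line: the secret in the BindRequest begins and ends with 0x27, so the quote characters from credentials= go out on the wire as part of the password. The Python sketch below is an added example, not part of the original mail or of OpenLDAP; it decodes the request and response bytes transcribed from that dump, and its function names are hypothetical.

```python
# Added example. Bytes are transcribed from the ber_flush and ldap_read dumps above.
BIND_REQUEST = bytes.fromhex(
    "30 33 02 01 01 60 2e 02 01 03 04 1d 63 6e 3d 72"
    "65 70 6c 69 63 61 74 6f 72 2c 64 63 3d 74 75 6c"
    "75 63 2c 64 63 3d 63 6f 6d 80 0a 27 74 75 6c 75"
    "63 62 64 63 27"
)
BIND_RESPONSE = bytes.fromhex("30 0c 02 01 01 61 07 0a 01 31 04 00 04 00")

def read_tlv(buf, pos=0):
    """Read one BER element (single-byte tag); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def decode_bind_request(pdu):
    """Return (dn, password) from an LDAPv3 simple BindRequest."""
    (_, _msgid), (op_tag, op) = children(read_tlv(pdu)[1])[:2]
    if op_tag != 0x60:  # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    (_, _version), (_, dn), (auth_tag, secret) = children(op)[:3]
    if auth_tag != 0x80:  # [0] simple; slapd logs this as method=128
        raise ValueError("not a simple bind")
    return dn.decode(), secret.decode()

def decode_bind_result(pdu):
    """Return the resultCode from a BindResponse (49 = invalidCredentials)."""
    (_, _msgid), (op_tag, op) = children(read_tlv(pdu)[1])[:2]
    if op_tag != 0x61:  # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    return int.from_bytes(children(op)[0][1], "big")

def is_quote_wrapped(secret):
    """True when the secret on the wire starts and ends with the same quote."""
    return len(secret) >= 2 and secret[0] == secret[-1] and secret[0] in "'\""
```

The result code decoded from the response is the same err=49 that the slave's slapd logs for the bind.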