I'm trying to set up an LDAP server with a replica, but I'm having some problems.
I have 2 servers - ldap1.example.com (master) and ldap2.example.com (replica).
Running a search query such as
ldapsearch -D "cn=reader,dc=example,dc=com" -W -h ldap1.example.com -b "dc=example,dc=com" "uid=testuser"
returns the data as expected. However, running the same query with -h ldap2.example.com
ends with
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: uid=testuser
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1
This happens even though replication definitely works: running slapcat
on the replica returns all the data.
My syncrepl.ldif:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSyncRepl
olcSyncrepl: rid=1
  provider=ldap://ldap1.example.com
  type=refreshAndPersist
  retry="30 10 600 10"
  interval=00:00:05:00
  searchbase=dc=example,dc=com
  scope=sub
  schemachecking=on
  binddn="cn=admin,dc=example,dc=com"
  credentials="supersecretpassword"
  starttls=yes
  tls_reqcert=allow
Your ACL does not grant read access to the DN you are binding as.
Currently:
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write
  by dn="cn=admin,dc=example,dc=com" write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by self write
  by dn="cn=admin,dc=example,dc=com" write
  by * none
Suggested:
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write
  by dn="cn=admin,dc=example,dc=com" write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by self write
  by dn="cn=admin,dc=example,dc=com" write
  by users read
  by * none
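To see why cn=reader gets nothing from the replica under the current rules and read access under the suggested ones, the following added example (not part of the answer or of OpenLDAP itself) replays slapd's clause-matching order over the two rule sets quoted above. It is a deliberately simplified evaluator that understands only the <what> and <who> selectors used on this page, and the entry DN uid=testuser,dc=example,dc=com is assumed.

```python
import re
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]  # slapd order

# Constructed copy of the replica's current rules, as quoted in the answer.
CURRENT_ACL = """\
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write
  by dn="cn=admin,dc=example,dc=com" write
  by anonymous auth
  by * none
olcAccess: {1}to *
  by self write
  by dn="cn=admin,dc=example,dc=com" write
  by * none
"""
# Suggested fix: "by users read" ahead of "by * none" in clause {1} (the only clause
# in which a "write" line directly precedes "by * none", so clause {0} is untouched).
SUGGESTED_ACL = CURRENT_ACL.replace('write\n  by * none\n', 'write\n  by users read\n  by * none\n')

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in olcAccess order."""
    rules = []
    for clause in re.split(r"^olcAccess:\s*\{\d+\}", text, flags=re.M)[1:]:
        tokens = " ".join(clause.split()).split(" by ")
        what = tokens[0].removeprefix("to ").strip()
        rules.append((what, [tuple(t.rsplit(" ", 1)) for t in tokens[1:]]))
    return rules

def who_matches(who, bind_dn, target_dn):
    """<who> selectors used on the page; bind_dn is None for an anonymous bind."""
    if who == "*":
        return True
    if who in ("anonymous", "users"):
        return (bind_dn is None) == (who == "anonymous")
    if who == "self":
        return bind_dn is not None and bind_dn.lower() == target_dn.lower()
    m = re.fullmatch(r'dn="([^"]*)"', who)
    return bool(m) and bind_dn is not None and m.group(1).lower() == bind_dn.lower()

def what_matches(what, attr):
    return what == "*" or (what.startswith("attrs=") and attr.lower() in what[6:].lower().split(","))

def granted_level(acl_text, bind_dn, target_dn, attr):
    """First matching <to> clause decides; within it the first matching <by> wins; otherwise none."""
    for what, bys in parse_acl(acl_text):
        if what_matches(what, attr):
            return next((lvl for who, lvl in bys if who_matches(who, bind_dn, target_dn)), "none")
    return "none"

def can_read(acl_text, bind_dn, target_dn, attr="uid"):
    return LEVELS.index(granted_level(acl_text, bind_dn, target_dn, attr)) >= LEVELS.index("read")
```

Run with the question's bind DN and the current rules, can_read() is False because clause {1} falls through to "by * none"; with the suggested rules it is True via "by users read", while anonymous binds still get only "auth" on userPassword.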