Error 19 (0x13) replicating OpenLDAP with syncrepl

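I am trying to get an OpenLDAP master server to perform push-only replication to a remote OpenLDAP consumer, using the LDAP backend as a proxy. The master will be able to reach the slave, but the slave cannot reach the master.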

My problem is that I get an LDAP constraint error during replication:

    Dec 12 11:51:27 rhel7 slapd[1417]: syncprov_search_response: cookie=rid=100,csn=20141211222736.923231Z#000000#000#000000
    Dec 12 11:51:27 rhel7 slapd[1417]: do_syncrep2: rid=100 LDAP_RES_INTERMEDIATE - SYNC_ID_SET
    Dec 12 11:51:27 rhel7 slapd[1417]: syncrepl_message_to_entry: rid=100 DN: dc=example,dc=com, UUID: 56f70834-13d3-1034-9c4b-b9373d9331cc
    Dec 12 11:51:27 rhel7 slapd[1417]: syncrepl_entry: rid=100 LDAP_RES_SEARCH_ENTRY(LDAP_SYNC_ADD)
    Dec 12 11:51:27 rhel7 slapd[1417]: syncrepl_entry: rid=100 be_search (0)
    Dec 12 11:51:27 rhel7 slapd[1417]: syncrepl_entry: rid=100 dc=example,dc=com
    Dec 12 11:51:27 rhel7 slapd[1417]: null_callback : error code 0x13
    Dec 12 11:51:27 rhel7 slapd[1417]: syncrepl_entry: rid=100 be_add dc=example,dc=com (19)
    Dec 12 11:51:27 rhel7 slapd[1417]: syncrepl_entry: rid=100 be_add dc=example,dc=com failed (19)

The logs on the slave show a similar error:

    Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=15 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(entryUUID=56f70834-13d3-1034-9c4b-b9373d9331cc)"
    Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=15 SRCH attr=* +
    Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text=
    Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=16 ADD dn="dc=example,dc=com"
    Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=16 RESULT tag=105 err=19 text=structuralObjectClass: no user modification allowed

My provider hdb config. The domain components have been replaced.

    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 7c7ced28
    dn: olcDatabase={2}hdb
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {2}hdb
    olcDbDirectory: /var/lib/ldap
    olcDbIndex: objectClass eq,pres
    olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
    olcDbIndex: uid eq,pres,sub
    structuralObjectClass: olcHdbConfig
    entryUUID: f60bed20-13a3-1034-8f7e-113c69ebc9f8
    creatorsName: cn=config
    createTimestamp: 20141209040239Z
    olcRootPW:: e1NTSEF9cVVvVFJQd3BwYWVkcUhRVGdZT1BZV29rcjNTaVhqYks=
    olcSuffix: dc=example,dc=com
    olcRootDN: cn=manager,dc=example,dc=com
    entryCSN: 20141211014727.826962Z#000000#000#000000
    modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    modifyTimestamp: 20141211014727Z

Provider ldap configuration

    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 ff26115e
    dn: olcDatabase={3}ldap
    objectClass: olcDatabaseConfig
    objectClass: olcLDAPConfig
    olcDatabase: {3}ldap
    olcHidden: TRUE
    olcSuffix: dc=example,dc=com
    olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
    olcAccess: {1}to * by * read
    olcLastMod: TRUE
    olcRestrict: all
    olcRootDN: cn=ldap-replroot
    olcSyncrepl: {0}rid=100 provider="ldap://rhel7:389" tls_reqcert=never binddn="cn=replicator,dc=example,dc=com" bindmethod=simple credentials=supersecretpassword searchbase="dc=example,dc=com" type=refreshAndPersist retry="5 5 300 +"
    olcDbStartTLS: start
    olcDbACLBind: bindmethod=simple binddn="cn=replicator,dc=example,dc=com" credentials=supersecretpassword
    structuralObjectClass: olcLDAPConfig
    entryUUID: d4b45f1a-1522-1034-8b61-af7acc5313da
    creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    createTimestamp: 20141211014320Z
    olcDbURI: ldap://authldap-01-cs
    entryCSN: 20141211052948.885859Z#000000#000#000000
    modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    modifyTimestamp: 20141211052948Z

My slave configuration

    # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
    # CRC32 a539163c
    dn: olcDatabase={2}hdb
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {2}hdb
    olcDbDirectory: /var/lib/ldap
    olcDbIndex: objectClass eq,pres
    olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
    olcDbIndex: uid eq,pres,sub
    olcDbIndex: entryUUID eq
    olcDbIndex: entryCSN eq
    structuralObjectClass: olcHdbConfig
    entryUUID: a5ede4ec-1420-1034-9ec6-e93109d39d98
    creatorsName: cn=config
    createTimestamp: 20141209185511Z
    olcSuffix: dc=example,dc=com
    olcRootDN: cn=manager,dc=example,dc=com
    olcRootPW:: e1NTSEF9cVVvVFJQd3BwYWVkcUhRVGdZT1BZV29rcjNTaVhqYks=
    olcAccess: {0}to * by dn="cn=replicator,dc=example,dc=com" write by dn="cn=manager,dc=example,dc=com" write by * read
    entryCSN: 20141212193340.646494Z#000000#000#000000
    modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
    modifyTimestamp: 20141212193340Z

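I have tried seeding the consumer with a slapcat export, and I have tried deleting the entire domain component, and neither seems to work for me.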
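
An added example, not part of the original post: a short Python script that pairs each request in the consumer's slapd log with its RESULT line by conn/op and lists the operations that failed, so the err=19 on the ADD and its diagnostic text stand out. The function name and the result-code table are this example's own choices; the sample lines are the consumer log lines quoted in the post.

```python
import re

# Subset of LDAP result codes (RFC 4511, Appendix A); extend as needed.
RESULT_NAMES = {0: "success", 19: "constraintViolation",
                50: "insufficientAccessRights", 68: "entryAlreadyExists"}

# slapd "stats" lines look like: conn=N op=M VERB details...
LINE_RE = re.compile(r"conn=(\d+) op=(\d+) (SEARCH RESULT|RESULT|[A-Z]+) ?(.*)$")
ERR_RE = re.compile(r"\berr=(\d+)")

# Consumer log lines copied from the post above.
SAMPLE_LOG = """\
Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=15 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(entryUUID=56f70834-13d3-1034-9c4b-b9373d9331cc)"
Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=15 SRCH attr=* +
Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=15 SEARCH RESULT tag=101 err=0 nentries=0 text=
Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=16 ADD dn="dc=example,dc=com"
Dec 12 14:13:24 authldap-01-cs slapd[2339]: conn=1004 op=16 RESULT tag=105 err=19 text=structuralObjectClass: no user modification allowed
"""

def failed_operations(log_text):
    """Pair each request with its RESULT by (conn, op); return the failures."""
    requests, failures = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-operation stats line
        key = (int(m.group(1)), int(m.group(2)))
        verb, rest = m.group(3), m.group(4).strip()
        if not verb.endswith("RESULT"):
            # Keep the first request line seen for this conn/op (SRCH logs two).
            requests.setdefault(key, (verb, rest))
            continue
        err_match = ERR_RE.search(rest)
        err = int(err_match.group(1)) if err_match else 0
        if err == 0:
            continue
        req_verb, req_detail = requests.get(key, ("?", ""))
        text = rest.split("text=", 1)[1].strip() if "text=" in rest else ""
        failures.append({"conn": key[0], "op": key[1], "request": req_verb,
                         "detail": req_detail, "err": err,
                         "name": RESULT_NAMES.get(err, "unknown"), "text": text})
    return failures

if __name__ == "__main__":
    for f in failed_operations(SAMPLE_LOG):
        print("conn={conn} op={op} {request} {detail} -> err={err} "
              "({name}): {text}".format(**f))
```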