[Fedora-directory-users] Replication credentials issue

Kyle Tucker kylet at panix.com
Mon Nov 27 17:57:45 UTC 2006


> Kyle Tucker wrote:
> >> I stopped the service, edited the password in clear in userPassword
> >> field, reinput the password on the master and same errors. The error
> >> from the initialize consumer action is:
> >>     
> >
> > For grins, I stopped the master as well, edited its dse.ldif and
> > changed it to clear (it was in DES method) and voila - it all took
> > off and synched up. I checked my working test master and consumer
> > and they were in DES and SSHA respectively, again always working
> > from the onset. I'll leave it to the developers to take anything from
> > this. Thanks for the pointer to dse.ldif.
> >   
> The consumer should have the cn=Repl Manager user with userPassword as 
> an SSHA hash (or some other secure hash), not cleartext.  The supplier 
> should store the repl manager credentials with the {DES} reversible 
> password encryption type so that it can send the clear text password to 
> the consumer in the BIND request (as is done in the normal LDAP simple 
> BIND request).  You can always test this by using the ldapsearch command 
> line tool to attempt to bind using -D "cn=replication manager,cn=config" 
> and the password to the consumer to test the bind and credentials.

Yes, but it wouldn't work in this configuration using DES->SSHA with 1.0.4 
on RHEL, whereas it did in several tests on 1.0.3 on FC5. It wouldn't even
work DES->clear. I did not try clear->SSHA. I have to set up 2 more consumers,
so I will try all possible combinations when I do those and follow up.

-- 
- Kyle 
---------------------------------------------
kylet at panix.com   http://www.panix.com/~kylet    
---------------------------------------------
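The storage schemes discussed in this thread, as an added example that is not part of the original message or of Fedora Directory Server's code: a small offline check that classifies a `userPassword` value copied from `dse.ldif` and, for `{SSHA}` or cleartext, tests a candidate password against it. The function names and sample values are hypothetical and constructed. The assumed `{SSHA}` layout is base64 of the 20-byte SHA-1 digest followed by the salt.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import Optional, Tuple

# "{SCHEME}value" prefix used on stored userPassword values
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored: str, candidate: str) -> bool:
    """Recompute the salted hash; everything after the first 20 bytes is salt."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

def audit_value(stored: str, candidate: str) -> Tuple[str, Optional[bool]]:
    """Return (scheme, match); match is None when it cannot be checked offline."""
    m = SCHEME_RE.match(stored)
    if not m:
        # No scheme prefix: the credential sits in the file as cleartext.
        same = hmac.compare_digest(stored.encode(), candidate.encode())
        return "CLEAR", same
    scheme = m.group(1).upper()
    if scheme == "SSHA":
        return scheme, check_ssha(stored, candidate)
    # e.g. {DES}: reversible encryption keyed by the server, not checked here.
    return scheme, None

if __name__ == "__main__":
    pw = "Constructed-Pass1"  # constructed sample password
    samples = {
        "consumer (hashed)": make_ssha(pw),
        "cleartext": pw,
        "supplier (reversible)": "{DES}constructed-placeholder",
    }
    for label, value in samples.items():
        print(label, audit_value(value, pw))
```

A `CLEAR` result flags a replication credential that anyone able to read `dse.ldif` can use directly.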



