2013-02-22

I have configured master/slave replication using slapd.conf and slurpd. Changing a password fails with "LDAP password information update failed: Referral"; the password cannot be changed from the replica.

The problem is that I am not able to change the client's password from the slave server if the master server is stopped.

Master server -

[[email protected] ~]# service ldap stop 
Stopping slapd:           [ OK ] 
Stopping slurpd:           [ OK ] 
[[email protected] ~]# 

Slave server -

[[email protected] ldap]# service ldap restart 
Stopping slapd:           [ OK ] 
Checking configuration files for slapd: config file testing succeeded 
                  [ OK ] 
Starting slapd:           [ OK ] 
[[email protected] ldap]# 

Client -

[[email protected] ldap]# ssh [email protected] 
[email protected]'s password: 
Last login: Tue Feb 19 21:14:27 2013 from lr5dir02.hk.intraxa 
Could not chdir to home directory /home/ldaptest: No such file or directory 
-bash-3.2$ 

-bash-3.2$ passwd 
Changing password for user ldaptest. 
Enter login(LDAP) password: 
New UNIX password: 
Retype new UNIX password: 
LDAP password information update failed: Referral 

passwd: Permission denied 
-bash-3.2$ 

Master server - slapd.conf

access to attrs=shadowLastChange,userPassword 
     by self write 
     by * auth 

access to * 
     by * read 

replica host=10.40.101.231:389 
     binddn="cn=Manager,dc=hk,dc=intraxa" 
     credentials=secret 
     bindmethod=simple 
     tls=no 

Slave server slapd.conf - same as the master, only with:

updatedn "cn=Manager,dc=hk,dc=intraxa" 
updateref ldap://10.40.101.230:389/ 

Client PAM -

[[email protected] ~]# more /etc/pam.d/passwd 
#%PAM-1.0 
auth  include  system-auth 
account include  system-auth 
password include  system-auth 

[[email protected] ~]# 


Log -

Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: read active on 14 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: epoll: listen=7 active_threads=0 tvp=NULL 
Feb 19 21:43:54 lr5dir02 slapd[7147]: conn=2 op=4 BIND dn="uid=ldaptest,ou=People,dc=hk,dc=intraxa" method=128 
Feb 19 21:43:54 lr5dir02 slapd[7147]: conn=2 op=4 BIND dn="uid=ldaptest,ou=People,dc=hk,dc=intraxa" mech=SIMPLE ssf=0 
Feb 19 21:43:54 lr5dir02 slapd[7147]: conn=2 op=4 RESULT tag=97 err=0 text= 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: activity on 1 descriptor 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: activity on: 
Feb 19 21:43:54 lr5dir02 slapd[7147]: 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: epoll: listen=7 active_threads=0 tvp=NULL 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: activity on 1 descriptor 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: activity on: 
Feb 19 21:43:54 lr5dir02 slapd[7147]: 14r 
Feb 19 21:43:54 lr5dir02 slapd[7147]: 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: read active on 14 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: epoll: listen=7 active_threads=0 tvp=NULL 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: activity on 1 descriptor 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: activity on: 
Feb 19 21:43:54 lr5dir02 slapd[7147]: 
Feb 19 21:43:54 lr5dir02 slapd[7147]: daemon: epoll: listen=7 active_threads=0 tvp=NULL 
Feb 19 21:43:54 lr5dir02 slapd[7147]: conn=2 op=5 MOD dn="uid=ldaptest,ou=People,dc=hk,dc=intraxa" 
Feb 19 21:43:54 lr5dir02 slapd[7147]: conn=2 op=5 MOD attr=userPassword 
Feb 19 21:43:54 lr5dir02 slapd[7147]: conn=2 op=5 RESULT tag=103 err=10 text= 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: activity on 1 descriptor 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: activity on: 
Feb 19 21:43:56 lr5dir02 slapd[7147]: 14r 
Feb 19 21:43:56 lr5dir02 slapd[7147]: 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: read active on 14 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: epoll: listen=7 active_threads=0 tvp=NULL 
Feb 19 21:43:56 lr5dir02 slapd[7147]: connection_read(14): input error=-2 id=2, closing. 
Feb 19 21:43:56 lr5dir02 slapd[7147]: conn=2 op=6 UNBIND 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: removing 14 
Feb 19 21:43:56 lr5dir02 slapd[7147]: conn=2 fd=14 closed 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: activity on 1 descriptor 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: activity on: 
Feb 19 21:43:56 lr5dir02 slapd[7147]: 
Feb 19 21:43:56 lr5dir02 slapd[7147]: daemon: epoll: listen=7 active_threads=0 tvp=NUL 

Answer

If you are using slurpd, you must be using an old version of OpenLDAP - the replication configuration it supports is strictly a single master (RW) with read-only replica nodes. slurpd is no longer supported, in part precisely because it can only support this mode.

What is happening is that the read-only node knows it cannot accept a write request (other than from the master), so it hands the client a referral, sending it to the writable node (i.e. to the updateref URI in your configuration).

You should upgrade to OpenLDAP 2.4 and use the syncrepl protocol for replication. This allows three replication scenarios:

  1. Single RW master, multiple RO replica nodes
  2. Full multi-master RW (with some caveats)
  3. mirrormode hybrid (active/hot standby), using a load balancer or proxy

You can use syncrepl with OpenLDAP 2.3, but I strongly recommend upgrading (otherwise you may be missing out on up to 5 years of syncrepl enhancements and fixes, depending on which packages you are using and whether any fixes have been backported).

The only way with your current setup is to manually change the RO node's configuration to promote it to master when the master goes offline, and as you can guess that is likely to be problematic to maintain.

Thanks Mr Spuratic, yes, I was also thinking of upgrading to syncrepl. Actually I got this project from another team, and they used slapd.conf/slurpd only for authentication purposes and want simple LDAP. Thanks again. Can I use syncrepl with slapd.conf? I don't want the cn=config configuration. Is it possible to use syncrepl with a slapd.conf configuration? – Naveen 2013-03-07 08:50:03
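Added example, not from the question, the answer or the OpenLDAP project: a slapd.conf-style syncrepl setup of the first scenario listed in the answer (single RW provider, one RO consumer), which is the configuration the comment asks about. It reuses the suffix dc=hk,dc=intraxa, the cn=Manager DN, the password ACL and the two addresses from the question; the rid, the replication account cn=replicator, the checkpoint and retry values and the database paths are assumptions.

```conf
# ---- provider (master, 10.40.101.230) slapd.conf, added example ----
# moduleload is only needed if slapd was built with dynamic modules (assumption)
moduleload   syncprov.la

database     bdb
suffix       "dc=hk,dc=intraxa"
rootdn       "cn=Manager,dc=hk,dc=intraxa"
# placeholder; store an {SSHA} hash from slappasswd, not clear text
rootpw       secret
# assumed path
directory    /var/lib/ldap
index        objectClass eq
# entryCSN/entryUUID indexes keep syncrepl lookups cheap
index        entryCSN,entryUUID eq

# password ACL from the question, plus read access for the replication
# account so hashed passwords are replicated; everyone else can only auth
access to attrs=shadowLastChange,userPassword
    by self write
    by dn.exact="cn=replicator,dc=hk,dc=intraxa" read
    by * auth
access to *
    by * read

# syncprov replaces "replica ..." + slurpd on the provider side
overlay      syncprov
# write contextCSN after 100 operations or 10 minutes (assumed values)
syncprov-checkpoint 100 10
syncprov-sessionlog 100


# ---- consumer (replica, 10.40.101.231) slapd.conf, added example ----
database     bdb
suffix       "dc=hk,dc=intraxa"
rootdn       "cn=Manager,dc=hk,dc=intraxa"
rootpw       secret
directory    /var/lib/ldap
index        objectClass eq
index        entryCSN,entryUUID eq

# refreshAndPersist keeps a persistent search open to the provider;
# retry="60 +" reconnects every 60 s, forever, while the provider is down
syncrepl rid=001
    provider=ldap://10.40.101.230:389
    type=refreshAndPersist
    retry="60 +"
    searchbase="dc=hk,dc=intraxa"
    scope=sub
    attrs="*,+"
    schemachecking=off
    bindmethod=simple
    binddn="cn=replicator,dc=hk,dc=intraxa"
    credentials=secret

# The consumer is still read-only: a MOD of userPassword is answered with a
# referral to the provider, exactly as in the question's log. If the provider
# is down, passwd still fails; only scenarios 2 and 3 (multi-master or
# mirrormode) remove that dependency.
updateref    ldap://10.40.101.230:389/
```

The cn=replicator entry has to exist in the DIT on the provider before the consumer can bind. Note that the `updatedn` line from the slurpd setup is dropped; syncrepl writes to the consumer database internally and does not need it. After restarting both servers, replication health can be checked by comparing the `contextCSN` of the suffix on both hosts, e.g. `ldapsearch -x -H ldap://10.40.101.231 -b dc=hk,dc=intraxa -s base contextCSN`. The `RESULT tag=103 err=10` line in the question's log is the replica returning LDAP result code 10 (referral) for the userPassword modify, which is the behaviour the answer describes; nothing in this configuration changes that for the single-master scenario.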