Kyle Tucker wrote:
>> I stopped the service, edited the password in clear in userPassword
>> field, reinput the password on the master and same errors. The error
>> from the initialize consumer action is:
>>
>
> For grins, I stopped the master as well, edited its dse.ldif and
> changed it to clear (it was in DES method) and voila - it all took
> off and synched up. I checked my working test master and consumer
> and they were in DES and SSHA respectively, again always working
> from the onset. I'll leave it to the developers to take anything from
> this. Thanks for the pointer to dse.ldif.
>
The consumer should have the cn=Repl Manager user with userPassword as
an SSHA hash (or some other secure hash), not cleartext. The supplier
should store the repl manager credentials with the {DES} reversible
password encryption type so that it can send the clear text password to
the consumer in the BIND request (as is done in the normal LDAP simple
BIND request). You can always test this by using the ldapsearch command
line tool to attempt to bind using -D "cn=replication manager,cn=config"
and the password to the consumer to test the bind and credentials.
Yes, but it wouldn't work in this configuration using DES->SSHA with 1.0.4
on RHEL, whereas it did in several tests on 1.0.3 on FC5. It wouldn't even
work DES->clear. I did not try clear->SSHA. I have to set up 2 more consumers,
so I will try all possible combinations when I do those and follow up.
--
- Kyle
---------------------------------------------
kylet(a)panix.com
http://www.panix.com/~kylet
---------------------------------------------