
Re: syncrepl missing/ignoring {md5} passwords?



On Mon, Jun 19, 2006 at 06:31:39PM +0100, Ade Fewings wrote:
> Dear all
> 
> We are setting up an OpenLDAP 2.3.34 directory server structure and I 
> have started using syncrepl to produce replica servers.  Everything is 
> going OK, except that userPassword's crypt'd using {MD5} rather than 
> {crypt} do not find their way to the slave servers.  The {crypt} 
> passwords get there fine, however. 
> 
> Master slapd.conf bit:
> >#
> ># syncrepl setup
> >#
> >overlay syncprov
> >syncprov-checkpoint 100 10
> >syncprov-sessionlog 100
> 
> 
> Slave slapd.conf bit:
> ># syncrepl setup
> >#
> >syncrepl rid=123
> >        provider=ldap://directory.a.com:389
> >        type=refreshAndPersist
> >        searchbase="dc=a,dc=com"
> >        scope=sub
> >        bindmethod=simple
> >        binddn="cn=syncuser,dc=a,dc=com"
> >        credentials=#######

Are you sure the binddn user can read all needed entries on the server? Like
all userPassword attributes? I don't think the contents of userPassword play a
role here, but the ACLs for that attribute most certainly do. Also, make sure
you remove the search limits (time and size) for this binddn user: you may be
hitting this limit and thinking the issue is something else.
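
One way to run the check suggested above, as an added example that is not part of the original message: compare the LDIF output of the same `ldapsearch` run once as an administrative identity and once as the syncrepl binddn. The function names and the sample entries are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF output into {dn: {attr: [bytes, ...]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, cur = {}, None
    for line in lines:
        if not line.strip():                # blank line ends the current entry
            cur = None
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        # "attr:: value" is base64; ldapsearch usually prints userPassword this way
        value = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip().encode()
        if attr.lower() == "dn":
            cur = entries.setdefault(value.decode().lower(), {})
        elif cur is not None:
            cur.setdefault(attr.lower(), []).append(value)
    return entries

def compare_views(admin, as_binddn):
    """Return (DNs the binddn never received, {dn: scheme} where only userPassword is hidden)."""
    missing = sorted(dn for dn in admin if dn not in as_binddn)
    hidden = {}
    for dn, attrs in admin.items():
        if dn in as_binddn and "userpassword" in attrs and "userpassword" not in as_binddn[dn]:
            pw = attrs["userpassword"][0]
            has_scheme = pw.startswith(b"{") and b"}" in pw
            hidden[dn] = pw[:pw.index(b"}") + 1].decode() if has_scheme else "(no scheme)"
    return missing, hidden

def _entry(uid, pw=None):                   # builds one constructed LDIF entry
    text = f"dn: uid={uid},dc=a,dc=com\nuid: {uid}\n"
    if pw:
        text += "userPassword:: " + base64.b64encode(pw.encode()).decode() + "\n"
    return text + "\n"

# Constructed sample data: admin view versus what the syncrepl binddn is allowed to read.
ADMIN_LDIF = (_entry("alice", "{MD5}constructed") + _entry("bob", "{crypt}constructed")
              + _entry("carol", "{MD5}constructed"))
SYNCUSER_LDIF = _entry("alice") + _entry("bob", "{crypt}constructed")

if __name__ == "__main__":
    missing, hidden = compare_views(parse_ldif(ADMIN_LDIF), parse_ldif(SYNCUSER_LDIF))
    print("userPassword hidden from binddn (check attribute ACLs):", hidden)
    print("entries not returned to binddn (check entry ACLs, size/time limits):", missing)
```
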