Re: syncrepl missing/ignoring {md5} passwords?
On Mon, Jun 19, 2006 at 06:31:39PM +0100, Ade Fewings wrote:
> Dear all
>
> We are setting up an OpenLDAP 2.3.34 directory server structure and I
> have started using syncrepl to produce replica servers. Everything is
> going OK, except that userPassword's crypt'd using {MD5} rather than
> {crypt} do not find their way to the slave servers. The {crypt}
> passwords get there fine, however.
>
> Master slapd.conf bit:
> >#
> ># syncrepl setup
> >#
> >overlay syncprov
> >syncprov-checkpoint 100 10
> >syncprov-sessionlog 100
>
>
> Slave slapd.conf bit:
> ># syncrepl setup
> >#
> >syncrepl rid=123
> > provider=ldap://directory.a.com:389
> > type=refreshAndPersist
> > searchbase="dc=a,dc=com"
> > scope=sub
> > bindmethod=simple
> > binddn="cn=syncuser,dc=a,dc=com"
> > credentials=#######
Are you sure the binddn user can read all needed entries on the server? Like
all userPassword attributes? I don't think the contents of userPassword play a
role here, but the ACLs for that attribute most certainly do. Also, make sure
you remove the search limits (time and size) for this binddn user: you may be
hitting this limit and thinking the issue is something else.
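
The two provider-side checks suggested in the reply above, written out as a slapd.conf fragment. This is an added example, not configuration from either poster: only the syncuser DN comes from the thread, and the ACL layout is an assumed, constructed one.

```conf
# Provider (master) slapd.conf, in the database section for dc=a,dc=com.
# Constructed example; only the syncuser DN is taken from the thread.

# Too restrictive: the replication identity falls through to "by * none",
# so it cannot read userPassword and the consumer never receives it.
#access to attrs=userPassword
#    by self write
#    by anonymous auth
#    by * none

# Corrected: give the replication identity read access ahead of the
# catch-all. slapd stops at the first matching "access to" clause and at
# the first matching "by" clause, so this rule must precede broader ones.
access to attrs=userPassword
    by dn.exact="cn=syncuser,dc=a,dc=com" read
    by self write
    by anonymous auth
    by * none

# The site's remaining ACLs must also let syncuser read every other entry
# and attribute under the syncrepl searchbase.

# Lift size and time limits for the replication identity only, so the
# refresh is not cut off by a search limit.
limits dn.exact="cn=syncuser,dc=a,dc=com" size=unlimited time=unlimited
```

After restarting slapd on the provider, a search bound as cn=syncuser that requests userPassword should return the attribute on every entry that has one.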