Re: Sync replication and "*Password" attributes

[Alexey Lobanov <A.Lobanov@gctrials.com>]

Hello.

15.12.2008 18:26, Aaron Richton ÐÐÑÐÑ:

> On Mon, 15 Dec 2008, Alexey Lobanov wrote:

>> group of Debian servers. Everything works fine except userPassword,
>> sambaLMPassword and sambaNTPassowrd attributes; the replicas (two of
>> two) just don't have those attributes in any downloaded entries.

> Are sambaLMPassword/sambaNTPassword visible on the slave cn=Subschema?
> (slapd -d config perhaps, too.)

The master and slave schemas are absolutely identical. Just rsynced. And
the attributes are present in schema, because I can add them manually
with an editor like Luma.

root@mail:/etc/ldap/schema# slapd -d config
.....
reading config file /etc/ldap/schema/samba.schema
........
line 185 (attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ))

line 190 (attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ))

However, I am really surprised now. There is no "NAME 'userPassword'"
definition in schema files, neither in master nor in slaves. More
exactly, the definition in generic core.schema is commented out:

# system schema
#attributetype ( 2.5.4.35 NAME 'userPassword'
#       DESC 'RFC2256/2307: password of user'
#       EQUALITY octetStringMatch
#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

It looks like that this attribute definition is hardcoded in slapd. Correct?

Alexey