
Re: Sync replication and "*Password" attributes



Hello.

15.12.2008 20:21, Quanah Gibson-Mount wrote:

> And we can all try to guess and guess what's wrong.  What would really
> help, is to know your configurations on the master & replica.  Likely
> either an ACL or limit is blocking things on the master,

No, it does not. The test was to connect to the master from the slave machine
using ldapsearch and the *same* (copy'n'paste) credentials. The password hashes
were displayed properly in the ldapsearch output, and I wrote about it in my
very first message. Is this test comprehensive or not?

Search limits are not set on the master.

> or your
> syncrepl config on your replica is incorrect.

The syncrepl config is trivial: no filters.

==================
syncrepl rid=123
  provider=ldap://ldap.office.rct-int
  type=refreshAndPersist
  interval=00:00:10:00
  searchbase="dc=office,dc=rct-int"
  scope=sub
  schemachecking=on
  bindmethod=simple
  binddn="uid=syncuser,ou=People,dc=office,dc=rct-int"
  credentials="****"
====================

All (really all!) entries are replicated properly, but none of them
contains any userPassword, sambaLMPassword or sambaNTPassword attribute.
This was checked both via an LDAP browser with rootdn binding and via
slapcat output.

Actually, I hoped that someone on this list already knows the nature of
this problem. In my understanding, it can be related either to
hashed (vs. plaintext) attribute processing in syncrepl or to
undocumented access-rights requirements (i.e., the syncrepl binddn must
have "write" rights instead of "read").

--
Alexey
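
Added example, not part of the original message: one way to confirm the symptom described above is to diff an LDIF export taken from the master with the syncrepl bind DN against slapcat output from the replica, restricted to the three attributes named in the post. The sample LDIF, the dc=example,dc=test suffix and the function names are constructed for illustration.

```python
import base64

# Attributes the post reports as missing on the replica (lowercased for comparison).
SENSITIVE = ("userpassword", "sambalmpassword", "sambantpassword")

def parse_ldif(text):
    """Parse LDIF into {dn: {attr: set(of bytes values)}}; names are lowercased."""
    # LDIF folds long lines: a newline followed by one space continues the value.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries, current = {}, None
    for line in text.split("\n"):
        if not line.strip():
            current = None                      # a blank line ends the entry
            continue
        attr, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        # "attr:: xxx" carries a base64 value; "attr: xxx" carries it as plain text.
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode()
        if attr.lower() == "dn":
            current = entries.setdefault(value.decode().lower(), {})
        elif current is not None:
            current.setdefault(attr.lower(), set()).add(value)
    return entries

def missing_on_replica(master_ldif, replica_ldif, attrs=SENSITIVE):
    """Return (dn, attr) pairs present on the master but absent or different on the replica."""
    master, replica = parse_ldif(master_ldif), parse_ldif(replica_ldif)
    return [(dn, a) for dn in sorted(master) for a in attrs
            if a in master[dn] and master[dn][a] != replica.get(dn, {}).get(a)]

# Constructed sample data (not real hashes); the replica copy folds one DN line.
_PW = base64.b64encode(b"{SSHA}constructed-sample").decode()
MASTER = f"""dn: uid=alice,ou=People,dc=example,dc=test
userPassword:: {_PW}
sambaNTPassword: CONSTRUCTED-NT

dn: uid=bob,ou=People,dc=example,dc=test
userPassword:: {_PW}
"""
REPLICA = f"""dn: uid=alice,ou=People,dc=example,dc=test
uid: alice

dn: uid=bob,ou=People,
 dc=example,dc=test
userPassword:: {_PW}
"""
if __name__ == "__main__":
    for dn, attr in missing_on_replica(MASTER, REPLICA):
        print(f"{attr} present on master, missing on replica: {dn}")
```

The report lists only DNs and attribute names, so the hash values themselves never leave the two LDIF files.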