On Mon, 21 Sep 2009, Evgeniy wrote:
Openldap 2.4.18, master-slave replication . Slave server successfully replicates all data, except hashed {sha} passwords. It is not problem with "access to attrs=userPassword " - I test ithis. [...] attrs="*"
syncrepl needs operational attributes, but those are omitted due to this configuration. Try "*,+" instead. (Although I thought there were recent changes in that area...to be fair, I can't remember what, though.)
I note that you included your ppolicy details (which I don't believe are germane to a sync issue). But I'll note that there's frequent confusion regarding "what ppolicy does" in a multiserver environment...if you're in doubt about that, check the archives and/or re-post.