
Re: problem with replication [syncrepl] hash of passwords



On 09/20/2009 03:31 PM, Evgeniy wrote:

Hello.


OpenLDAP 2.4.18, master-slave replication.
Slave server successfully replicates all data, except hashed {sha} passwords.
It is not a problem with "access to attrs=userPassword" - I tested this.

How can I solve it and sync passwords?

[ slapd.conf ]

master server:

#
index objectClass eq
#
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#

slave server:

syncrepl rid=<>
provider=ldap://server:389
type=refreshOnly
interval=00:00:05:00
searchbase="dc=company,dc=com"
filter="(objectClass=*)"
scope=sub
attrs="*"
#
schemachecking=off
bindmethod=simple
binddn="cn=adminuser,dc=company,dc=com"
credentials=company-pass
###

Hi,

There are several problems with this syncrepl statement. The first probably is the cause of your problem.

1) The syncrepl statement in slapd.conf is actually just one line. You can continue it on new lines by starting them with a space. But, if you insert a comment (# character) anywhere, then the rest of the configuration will be ignored. So I think your binddn etc. are being ignored. Remove the comment.

2) You have specified "attrs=*". This means "only replicate user attributes" thus excluding operational attributes. The default for attrs is "*,+" as specified in the man page. I really recommend not changing this value.

Hope this helps,
Jonathan
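
The two points in the reply above, as a small configuration check. This is an added example, not part of the original thread and not OpenLDAP code: it models line continuation only as the reply describes it, and the function names, the indentation of the sample and the placeholder rid=001 are assumptions.

```python
import shlex

# Constructed sample: the consumer's syncrepl statement from the thread, with
# continuation lines indented and a placeholder rid (the post elides it).
SAMPLE = """\
syncrepl rid=001
  provider=ldap://server:389
  type=refreshOnly
  interval=00:00:05:00
  searchbase="dc=company,dc=com"
  filter="(objectClass=*)"
  scope=sub
  attrs="*"
#
  schemachecking=off
  bindmethod=simple
  binddn="cn=adminuser,dc=company,dc=com"
  credentials=company-pass
"""

def logical_lines(text):
    """Fold lines as the reply describes: an indented line continues the
    previous one, so lines indented under a '#' become part of the comment."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def keys(fragment):  # key=value tokens of one logical line
    return dict(t.split("=", 1) for t in shlex.split(fragment) if "=" in t)

def audit_syncrepl(text):
    """Return findings for every syncrepl statement in a slapd.conf text."""
    findings, lines = [], logical_lines(text)
    for i, line in enumerate(lines):
        if not line.startswith("syncrepl"):
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("#"):  # parameters swallowed by the comment
            findings += [f"ignored: {k}" for k in keys(nxt.lstrip("# "))]
        attrs = keys(line).get("attrs", "*,+")  # default per the reply
        if "+" not in attrs.split(","):
            findings.append(f"attrs={attrs} omits '+' (operational attributes)")
    return findings
```

Running `audit_syncrepl(SAMPLE)` reports the four parameters that follow the comment as ignored, plus the attrs setting; with the `#` line removed and `attrs="*,+"` it reports nothing.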