Re: Syncrepl not replicating userPassword
On 22/10/2010 21:57, Robert Klopotoski, Jr. wrote:
Hello,
I'm running into a problem with syncrepl that I hope someone can help
with. I'm hoping it's a simple config problem. There was another
thread similar to this one, and I have tried the solutions and still
failed.
Running slapd 2.4.11 on both the consumer and the provider. The
provider has thousands of records with numerous attributes including
'userPassword'. The consumer got its start from a direct copy of the
database files from the provider. All existing accounts have the
userPassword attribute on both the consumer and provider. Any time a
new record is added to the provider, it synchronizes all attributes
other than the userPassword field.
The provider has an account on it "dc=replica,dc=domain,dc=edu" for
the syncrepl to use from the consumer. An ldap search to the provider
using this account shows that it can see userPassword:
ldapsearch -x -LLL -b dc=endicott,dc=edu -W -D cn=replica,dc=endicott,dc=edu
returns the dn of
dn: uid=112232584,ou=Students,ou=People,dc=endicott,dc=edu
including the attribute of:
userPassword:: e0NSWVBUfSQxJFZ5TXdTJHJJdS85L0EvWjl6UlZnZ3lKYjNtMjE=
The consumer for whatever reason is not adding this attribute to any
records it syncs. All other attributes come over fine.
If I do a complete cleanout of the consumer and have it start its
database directly from the provider, it does the same thing and pulls
over everything but userPassword.
The config of the consumer is listed below. Where could the problem lie?
It's most likely that your ACLs on the provider do not allow the
"cn=replica, dc=endicott, dc=edu" account to "read" the userPassword
attribute.
Hope this helps,
Jonathan
Thanks,
Rob
The config files on the consumer look like this:
**** Start slapd.conf *****
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/endicott.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb
sizelimit 15000
tool-threads 1
backend bdb
database bdb
suffix "dc=endicott,dc=edu"
checkpoint 512 30
rootdn "cn=admin,dc=endicott,dc=edu"
rootpw password
directory "/var/lib/ldap"
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
index objectClass eq
lastmod on
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=endicott,dc=edu" write
        by dn="cn=replica,dc=endicott,dc=edu" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=endicott,dc=edu" write
        by dn="cn=replica,dc=endicott,dc=edu" write
        by * read
index entryUUID eq
index userPassword eq
syncrepl rid=123
        provider=ldap://10.1.55.196:389
        type=refreshAndPersist
        interval=00:00:02:00
        searchbase="dc=endicott,dc=edu"
        scope=sub
        attrs="*"
        schemachecking=off
        bindmethod=simple
        binddn="cn=replica, dc=endicott, dc=edu"
        credentials="password"
        retry="60 +"
        logbase="cn=accesslog"
        logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
        syncdata=accesslog
updateref ldap://10.1.55.196
**** end slapd.conf ****
--
==========================================
Jonathan CLARKE
------------------------------------------
Normation
44 rue Cauchy, 94110 Arcueil, France
------------------------------------------
Telephone: +33 (0)1 83 62 61 24
------------------------------------------
Web: http://www.normation.com/
==========================================
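Jonathan's diagnosis hinges on how slapd selects exactly one "access to" clause for a given attribute and then the first matching "by" within it: if the replication bind DN is not listed in the userPassword clause, it falls through to "by * none" and the provider silently omits that attribute from what it sends. The script below is an added example (not code from this thread and not OpenLDAP's own ACL engine) that models that subset of the slapd.conf ACL syntax seen in the thread and checks what a bind DN is granted on a given attribute. The consumer ACL is the one Rob posted; the second ACL is a constructed guess at what a provider configuration matching Jonathan's description would look like, with the replica DN absent from the userPassword clause. Regex DNs, dn.subtree, filters, sets and the continue/break controls are outside this simplified model.

```python
"""Simplified model of slapd.conf ACL evaluation (added example, not slapd code).

Handles only what the thread shows: 'access to attrs=...', 'access to
dn.base=""', 'access to *', and 'by' clauses of the forms dn="...", self,
anonymous, users and *. Real slapd semantics are richer; this is enough to
show why a replication DN missing from the userPassword clause gets 'none'.
"""
import re

# slapd access levels in increasing order; a granted level satisfies any
# request for an equal or lower level.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def _norm_dn(dn):
    """Normalise a DN for comparison: lowercase, strip spaces around commas."""
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def parse_acls(conf_text):
    """Parse 'access to ... by ...' directives in file order.

    Returns [(what, [(who, level), ...]), ...]. 'what' holds optional
    'attrs' (set of lowercase names) and 'dn_base'; {} matches everything.
    """
    logical = []
    for line in conf_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and logical:          # slapd.conf continuation line
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    acls = []
    for stmt in logical:
        if not stmt.startswith("access to "):
            continue
        parts = re.split(r"\s+by\s+", stmt[len("access to "):])
        what_str, by_strs = parts[0].strip(), parts[1:]
        what = {}
        if what_str != "*":
            for tok in what_str.split():
                if tok.startswith("attrs="):
                    what["attrs"] = {a.lower() for a in tok[6:].split(",")}
                elif tok.startswith("dn.base="):
                    what["dn_base"] = _norm_dn(tok[8:].strip('"'))
        bys = []
        for b in by_strs:
            who, level = b.rsplit(None, 1)
            bys.append((who.strip(), level))
        acls.append((what, bys))
    return acls


def _who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and _norm_dn(bind_dn) == _norm_dn(entry_dn)
    m = re.match(r'dn(?:\.exact)?="([^"]*)"', who)
    if m:
        return bind_dn is not None and _norm_dn(bind_dn) == _norm_dn(m.group(1))
    raise ValueError("unsupported who clause: " + who)


def granted_level(acls, bind_dn, entry_dn, attr):
    """Level granted by the first 'access to' whose target matches; within it
    the first matching 'by' decides, and no match at all means 'none'."""
    for what, bys in acls:
        if "attrs" in what and attr.lower() not in what["attrs"]:
            continue
        if "dn_base" in what and _norm_dn(entry_dn) != what["dn_base"]:
            continue
        for who, level in bys:
            if _who_matches(who, bind_dn, entry_dn):
                return level
        return "none"
    return "none"


def can_read(acls, bind_dn, entry_dn, attr):
    return LEVELS.index(granted_level(acls, bind_dn, entry_dn, attr)) >= LEVELS.index("read")


# The consumer ACL as posted in the thread.
CONSUMER_ACL = """\
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=endicott,dc=edu" write
        by dn="cn=replica,dc=endicott,dc=edu" write
        by anonymous auth
        by self write
        by * none
access to dn.base="" by * read
access to *
        by dn="cn=admin,dc=endicott,dc=edu" write
        by dn="cn=replica,dc=endicott,dc=edu" write
        by * read
"""

# Constructed sample (an assumption, not the real provider config): the kind
# of provider ACL Jonathan's diagnosis describes, with no replica DN in the
# userPassword clause, so the replica falls through to "by * none".
PROVIDER_ACL_MISSING_REPLICA = """\
access to attrs=userPassword,shadowLastChange
        by dn="cn=admin,dc=endicott,dc=edu" write
        by anonymous auth
        by self write
        by * none
access to *
        by dn="cn=admin,dc=endicott,dc=edu" write
        by * read
"""

REPLICA_DN = "cn=replica, dc=endicott, dc=edu"    # as written in the syncrepl binddn
ENTRY = "uid=112232584,ou=Students,ou=People,dc=endicott,dc=edu"


def check_replication_acl(conf_text, bind_dn=REPLICA_DN, entry_dn=ENTRY):
    """Map each attribute syncrepl must pull to whether bind_dn can read it."""
    acls = parse_acls(conf_text)
    return {a: can_read(acls, bind_dn, entry_dn, a) for a in ("userPassword", "cn", "entryUUID")}


if __name__ == "__main__":
    for name, conf in (("consumer ACL", CONSUMER_ACL),
                       ("provider ACL without replica DN", PROVIDER_ACL_MISSING_REPLICA)):
        print(name, check_replication_acl(conf))
```

Running it reports userPassword readable under the consumer's ACL but not under the constructed provider ACL, while cn and entryUUID are readable under both, which is exactly the symptom in the thread: every attribute replicates except the password. Adding the replica DN to the provider's userPassword clause (read is sufficient; the consumer does not need write on the provider) is the corresponding fix.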