Hello.
15.12.2008 20:21, Quanah Gibson-Mount wrote:
> And we can all try to guess and guess what's wrong. What would really help, is to know your configurations on the master & replica. Likely either an ACL or limit is blocking things on the master,
No, it does not. The test was to connect to the master from the slave machine using ldapsearch and the *same* (copy'n'paste) credentials. The password hashes were displayed properly in the ldapsearch output, and I wrote about it in my very first message. Is this test comprehensive or not?
Search limits are not set on the master.
> or your syncrepl config on your replica is incorrect.
The syncrepl config is trivial: no filters.
==================
syncrepl rid=123
    provider=ldap://ldap.office.rct-int
    type=refreshAndPersist
    interval=00:00:10:00
    searchbase="dc=office,dc=rct-int"
    scope=sub
    schemachecking=on
    bindmethod=simple
    binddn="uid=syncuser,ou=People,dc=office,dc=rct-int"
    credentials="****"
====================
All (really all!) entries are replicated properly, but none of them contains any userPassword, sambaLMPassword or sambaNTPassword attribute. This was checked both via an LDAP browser with rootdn binding and via slapcat output.
Actually, I hoped that someone on this list already knows the nature of this problem. In my understanding, it can be related either to the processing of hashed (vs. plaintext) attributes in syncrepl or to undocumented access rights requirements (i.e., the syncrepl binddn must have "write" rights instead of "read").
-- Alexey