On 09/20/2009 03:31 PM, Evgeniy wrote:
Hello.
Openldap 2.4.18, master-slave replication . Slave server successfully replicates all data, except hashed {sha} passwords. It is not problem with "access to attrs=userPassword " - I test ithis.
How I can solve it and sync passwords ?
[ slapd.conf ]
master server:
# index objectClass eq # overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100 #
slave server:
syncrepl rid=<> provider=ldap://server:389 type=refreshOnly interval=00:00:05:00 searchbase="dc=company,dc=com" filter="(objectClass=*)" scope=sub attrs="*" # schemachecking=off bindmethod=simple binddn="cn=adminuser,dc=company,dc=com" credentials=company-pass ###
Hi,
There are several problems with this syncrepl statement. The first probably is the cause of your problem.
1) The syncrepl statement in slapd.conf is actually just one line. You can continue it on new lines by starting them with space. But, if you insert a comment (# character) anywhere, then the rest of the configuration will be ignored. So I think your binddn etc are being ignored. Remove the commend.
2) You have specified "attrs=*". This means "only replicate user attributes" thus excluding operational attributes. The default for attrs is "*,+" as specified in the man page. I really recommend not changing this value.
Hope this helps, Jonathan