The problem was really dumb. An illegally located commented string in slave configs.
====
syncrepl rid=123
        provider=ldap://ldap.office.rct-int
        type=refreshAndPersist
        interval=00:00:10:00
        searchbase="dc=office,dc=rct-int"
# filter="(objectClass=qmailUser)||(objectClass=posixGroup)"
        scope=sub
        schemachecking=on
        binddn="uid=syncuser,ou=People,dc=office,dc=rct-int"
========
As a result, parsing ended at "searchbase", and the connection to the master was actually anonymous.
Thanks to everyone.
Alexey
15.12.2008 17:24, Alexey Lobanov wrote:
I see a dumb problem trying to implement LDAP Sync Replication in a group of Debian servers. Everything works fine except userPassword, sambaLMPassword and sambaNTPassword attributes; the replicas (two of two) just don't have those attributes in any downloaded entries.
Yes, I have checked the access rights: syncrepl binddn has "read" rights for passwords, and "ldapsearch -H ldap://master..." with RDN and credentials used in replicas shows everything including all three password hashes.
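
Added example, not part of the original messages and not OpenLDAP code: a small check for the failure described in the reply above, where a comment line inside a multi-line syncrepl directive cuts it short and the replica silently binds anonymously. It uses a simplified model of slapd.conf line handling (a line starting with whitespace continues the previous physical line, even when that line is a comment); the function names and the sample config are constructed for illustration.

```python
import shlex

# Constructed sample modelled on the replica config quoted in the thread.
SAMPLE = '''\
syncrepl rid=123
        provider=ldap://ldap.office.rct-int
        type=refreshAndPersist
        searchbase="dc=office,dc=rct-int"
# filter="(objectClass=posixGroup)"
        scope=sub
        binddn="uid=syncuser,ou=People,dc=office,dc=rct-int"
'''

IDENTITY = {"binddn", "authcid"}  # parameters that give the replica an identity

def logical_lines(text):
    """Group physical lines into (lineno, head, continuations)."""
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        if raw[0].isspace() and out:
            out[-1][2].append(raw.strip())   # continuation of the line above
        else:
            out.append((n, raw.strip(), []))
    return out

def keys_of(line):
    """Return the lower-cased key of every key=value token in a line."""
    return {t.split("=", 1)[0].lower() for t in shlex.split(line) if "=" in t}

def audit_syncrepl(text):
    """Report syncrepl directives that end up with no bind identity."""
    findings = []
    lines = logical_lines(text)
    for i, (n, head, cont) in enumerate(lines):
        if not head.lower().startswith("syncrepl"):
            continue
        if IDENTITY & keys_of(" ".join([head] + cont)):
            continue
        finding = {"line": n, "comment_line": None, "swallowed": []}
        # A comment right after the directive may have absorbed its tail.
        if i + 1 < len(lines) and lines[i + 1][1].startswith("#"):
            cn, _, ccont = lines[i + 1]
            finding["comment_line"] = cn
            finding["swallowed"] = sorted(keys_of(" ".join(ccont)))
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in audit_syncrepl(SAMPLE):
        print(f)
```

A finding with a non-empty "swallowed" list means the parameters named there never reached the syncrepl directive; moving the comment outside the directive clears it.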