Hello all.
I see a dumb problem trying to implement LDAP Sync Replication in a group of Debian servers. Everything works fine except userPassword, sambaLMPassword and sambaNTPassowrd attributes; the replicas (two of two) just don't have those attributes in any downloaded entries.
Yes, I have checked the access rights: syncrepl binddn has "read" rights for passwords, and "ldapsearch -H ldap://master..." with RDN and credentials used in replicas shows everything including all three password hashes.
Slave logs show nothing useful. "loglevel Args" at slave mentions all attributes except those "*Password" upon master entry modification.
OpenLDAP version is 2.3.30-5+etch2, the current in Debian Etch. A proposal to upgrade to 2.4 will not be accepted unless I'll know about *exact* change in 2.4 fixing this [mis]behavior; just because the master is a production server.
Alexey