Your replication problem I feel you have an ACL problem. userPassword is often governed by it's own ACL in the .access.conf file. Make sure your replication user will use that ACL. Also, check priority in ACLs. There is an order in which they are applied. It's documented in the manual pages and in the Admin guides online.
Your referral update problem is related the above problem. You can never update a slave, and since the replication can not update the slave, you will never get a userPassword attribute. Fix the replication first, and then regroup and attack the second problem.
Turn your LDAP logging up too and you should see the error more explicitly.
Sellers
On Apr 23, 2008, at 3:34 AM, Jacky Wu wrote:
Dear all,
I set up my replication using syncrepl in 2.3.38. The setting is
slave
syncrepl rid=123 provider=ldap://master:389 type=refreshOnly interval=00:00:00:20 searchbase="dc=mycompany,dc=com" schemachecking=on updatedn="uid=repl_writer,dc=mycompany,dc=com" bindmethod=simple binddn="uid=repl_reader,dc=mycompany,dc=com" credentials=secret
updateref ldap://master:389
access to * by dn.exact="uid=repl_writer,dc=mycompany,dc=com" write by dn.exact="uid=repl_reader,dc=mycompany,dc=com" read
master:
overlay syncprov syncprov-checkpoint 100 10 syncprov-sessionlog 100
access to * by dn.exact="uid=repl_writer,dc=mycompany,dc=com" write by dn.exact="uid=repl_reader,dc=mycompany,dc=com" read
Problem 1: When I add following user in master:
dn: uid=testuser,dc=mycompany,dc=com objectclass: inetorgperson uid: testuser cn: cn sn: sn userpassword: secret
The userpassword does not replicate to slave. The following is the replicated result in slave.
# testuser, mycompany.com dn: uid=testuser,dc=mycompany,dc=com objectClass: inetOrgPerson uid: testuser cn: cn sn: sn
Problem 2: Since the userpassword is missing in the entry, I want to add it in slave by manual. ldapmodify -x -D "cn=admin,dc=mycompany,dc=com" -w secret - f /tmp/userpassword.ldif
The /tmp/userpassword.ldif is
dn: uid=testuser,dc=mycompany,dc=com changetype: modify add: userPassword userPassword: NewSecret
The following is the running result:
modifying entry "uid=testuser,dc=mycompany,dc=com" ldapmodify: Referral (10) referrals: ldap://master:389/uid=testuser,dc=mycompany,dc=com
Even though the result shows that it will update master by referral, the userpassword in master does not change, and the testuser in slave still do not have attribute userpassword.
After studying the replication configuration, and trying to search the mailist archive, I still do not know how to solve the problem.
Thank you.
Best regards, Jacky
-- John 3:16 For God so loved the world, that He gave His only begotten Son, that whoever believes in Him shall not perish, but have eternal life. http://www.hkccc.org/flash2.htm
______________________________________________ Chris G. Sellers | NITLE - Technology Team 734.661.2318 | chris.sellers@nitle.org AIM: imthewherd | GoogleTalk: cgseller@gmail.com