My setup is rather basic. ldaps://ldap.ipodion.at is master/sync provider. "consumer" is slave/consumer. Everything seems to be working fine, all attributes are replicated with the notable exception of the userPassword attribute. ldapsearch on the consumer shows the missing attributes, so it can't be a permissions problem:
consumer # ldapsearch -x -LL -D "cn=admin,dc=ipodion,dc=at" -W -H ldaps://ldap.ipodion.at -b "dc=int,dc=ipodion,dc=at" "(objectClass=person)" uidNumber userpassword
Enter LDAP Password:
version: 1

dn: cn=NextFreeUnixId,dc=int,dc=ipodion,dc=at
uidNumber: 10007

dn: uid=tkircht,ou=people,dc=int,dc=ipodion,dc=at
uidNumber: 500
userPassword:: e1NNRDV9dXZ1UkxMY1VDaThMSktablRSazJWMElCU2l

dn: uid=Administrator,ou=People,dc=int,dc=ipodion,dc=at
uidNumber: 0
userPassword:: e1NNRDV9c2swZEtCMzUyb2JQTkRucTcxcDczc0VScXpB
[...]
I added the ACL for uidNumber just to make sure I didn't mistype any credential information, but while the uidNumber attribute is replicated, the userPassword isn't. I cannot find anything on this in the archives or the documentation - what am I doing wrong here?!
Any help would be appreciated
thanks, Thomas
Config files:
---------------------------------------------------------
provider:
---------------------------------------------------------
ldap:~# grep -v '^#' /etc/ldap/slapd.conf | grep -v '^$'
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/extension.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
TLSCertificateFile /etc/ssl/certs/ldap.ipodion.cert.pem
TLSCertificateKeyFile /etc/ssl/private/ldap.ipodion.key.pem
TLSCACertificateFile /usr/share/ca-certificates/cacert.org/root.crt
loglevel -1
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload back_meta
moduleload syncprov
backend bdb
database bdb
suffix "dc=ipodion,dc=at"
directory "/var/lib/ldap"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass eq
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
lastmod on
rootdn "cn=admin,dc=ipodion,dc=at"
rootpw <secret>
access to attrs=userPassword
    by dn="cn=admin,dc=ipodion,dc=at" write
    by anonymous auth
    by self write
    by * none
access to attrs=uidNumber
    by dn="cn=admin,dc=ipodion,dc=at" write
    by anonymous auth
    by self write
    by * none
access to dn.subtree="ou=addressbook,dc=ipodion,dc=at"
    by self write
    by dn="cn=admin,ou=addressbook,dc=ipodion,dc=at" write
    by * read
access to dn.base=""
    by * read
access to *
    by dn="cn=admin,dc=ipodion,dc=at" write
    by * read
---------------------------------------------------------
consumer:
---------------------------------------------------------
consumer:~# grep -v '^#' /etc/ldap/slapd.conf | grep -v '^$'
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
TLSCACertificateFile /etc/ssl/CA/cacert.pem
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
database bdb
suffix "dc=int,dc=ipodion,dc=at"
directory "/var/lib/ldap"
index objectClass eq
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
lastmod on
rootdn "cn=admin,dc=int,dc=ipodion,dc=at"
rootpw {SSHA}<secret2>
syncrepl rid=667
    provider=ldaps://ldap.ipodion.at
    type=refreshOnly
    interval=01:00:00:00
    searchbase="dc=int,dc=ipodion,dc=at"
    scope=sub
    schemachecking=on
    bindmethod=simple
    binddn="cn=admin,dc=ipodion,dc=at"
    credentials=<secret>
access to attrs=userPassword
    by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
    by anonymous auth
    by self write
    by * none
access to dn.base=""
    by * read
access to *
    by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
    by * read
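An added check, not part of Thomas's message: the ldapsearch in the post is run against the provider (-H ldaps://ldap.ipodion.at), so the useful next step is to dump the same entries from both servers, each as its own admin identity, and list per entry the attributes the provider returns but the consumer does not. The consumer URI, the password files and the script name are assumptions, and the sample LDIF is constructed to mirror the post.

```shell
#!/bin/sh
# Added example (not from the original post): compare, entry by entry, which
# attributes provider and consumer each return to the syncrepl identity.
# Attributes on the provider but not the consumer are what replication dropped.
export LC_ALL=C   # sort and comm must agree on collation

# attrs_per_entry: LDIF on stdin -> one "dn<TAB>attribute" line per attribute
# name (lower-cased; LDAP attribute names are case-insensitive). Handles
# "attr: v" and base64 "attr:: v"; base64-encoded DNs ("dn:: ") are not handled.
attrs_per_entry() {
    awk '
        /^dn: / { dn = substr($0, 5); next }
        /^[A-Za-z][A-Za-z0-9;-]*::? / { split($0, f, ":"); print dn "\t" tolower(f[1]) }
    ' | sort -u
}

# missing_on_consumer PROVIDER_LDIF CONSUMER_LDIF: print "dn<TAB>attribute" for
# every attribute a provider entry carries that the same consumer entry lacks.
missing_on_consumer() {
    p=$(mktemp) || return 1
    c=$(mktemp) || { rm -f "$p"; return 1; }
    printf '%s\n' "$1" | attrs_per_entry > "$p"
    printf '%s\n' "$2" | attrs_per_entry > "$c"
    comm -23 "$p" "$c"
    rm -f "$p" "$c"
}

# fetch_ldif URI BINDDN PWFILE: dump uidNumber and userPassword of all person
# entries as that identity sees them (PWFILE is an assumed password file).
fetch_ldif() {
    ldapsearch -x -LLL -H "$1" -D "$2" -y "$3" -b "dc=int,dc=ipodion,dc=at" \
        '(objectClass=person)' uidNumber userPassword
}

# Constructed sample LDIF mirroring the post: the consumer copy lacks userPassword.
PROVIDER_SAMPLE='dn: uid=tkircht,ou=people,dc=int,dc=ipodion,dc=at
uidNumber: 500
userPassword:: e1NNRDV9Y29uc3RydWN0ZWQ=

dn: cn=NextFreeUnixId,dc=int,dc=ipodion,dc=at
uidNumber: 10007'
CONSUMER_SAMPLE=$(printf '%s\n' "$PROVIDER_SAMPLE" | grep -v '^userPassword')

# Live use: compare.sh ldaps://ldap.ipodion.at "cn=admin,dc=ipodion,dc=at" /root/pw.provider \
#                      ldap://consumer "cn=admin,dc=int,dc=ipodion,dc=at" /root/pw.consumer
if [ "$#" -eq 6 ]; then
    missing_on_consumer "$(fetch_ldif "$1" "$2" "$3")" "$(fetch_ldif "$4" "$5" "$6")"
else
    missing_on_consumer "$PROVIDER_SAMPLE" "$CONSUMER_SAMPLE"
fi
```

With no arguments the script runs against the embedded sample and prints the one dropped attribute; an empty result on a live run means both servers return the same attribute set to the identities given.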