Is cn=admin,dc=aviva,dc=fr the root user? If not, he doesn't have write access to userPassword.
Nick
On Sun, May 31, 2020 at 6:29 PM razvanpopescu@hotmail.com wrote:
Hi,
I have set up master/slave replication between 2 OpenLDAP 2.4.44 servers on RHEL 7.x.
On the slave server, the userPassword attribute is not replicated by syncrepl; all other attributes are replicated OK.
The replication has been set up as follows:
On the master server (provider), I have set up:
# replication
moduleload syncprov
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
On the slave server (consumer), I've set up in /etc/openldap/slapd.conf:
# replication
syncrepl rid=100
  provider=ldaps://fr-te-ldap-x1.intra.commercial-union.fr
  type=refreshAndPersist
  searchbase="dc=aviva,dc=fr"
  scope=sub
  schemachecking=on
  bindmethod=simple
  filter="(objectClass=*)"
  binddn="cn=admin,dc=aviva,dc=fr"
  credentials=redhat
  retry="15 +"
index entryUUID,entryCSN eq
sizelimit 100000
On both servers (master, slave), the ACL has been set up as follows:
access to attrs=userPassword
  by self write
  by anonymous auth
  by * read
access to *
  by self read
  by users read
  by anonymous read
Please help me! What is wrong in this configuration, and why is the userPassword attribute not replicated on the slave side?
Please advise me,
Thanks, Razvan
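
Added example, not part of the original thread: a syncrepl consumer only receives attributes that its binddn can read on the provider, so this simplified model of slapd's first-match ACL evaluation computes the level each kind of identity gets under the two access rules quoted above. The entry DN uid=jdoe,ou=people,dc=aviva,dc=fr is constructed, and the rootdn bypass, dn/filter targets and stop/continue/break controls are assumed away.

```python
# Simplified slapd ACL model (added example, not from the thread).
# First matching "access to <what>" is used; inside it the first matching
# "by <who>" wins; no match means "none". rootdn bypass is not modelled.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ACL_TEXT = """
access to attrs=userPassword by self write by anonymous auth by * read
access to * by self read by users read by anonymous read
"""

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] from 'access to' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        rest = tok[3:]
        if tok[:2] != ["access", "to"] or len(rest) % 3 or set(rest[0::3]) != {"by"}:
            raise ValueError("unsupported access directive: " + line)
        rules.append((tok[2], list(zip(rest[1::3], rest[2::3]))))
    return rules

def what_matches(what, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[len("attrs="):].lower().split(",")
    return False

def who_matches(who, bound_dn, entry_dn):
    # bound_dn is None for an anonymous (unauthenticated) session.
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":  # naive case-insensitive DN comparison
        return bound_dn is not None and bound_dn.lower() == entry_dn.lower()
    return False

def effective_access(rules, bound_dn, entry_dn, attr):
    for what, by in rules:
        if what_matches(what, attr):
            return next((lvl for who, lvl in by
                         if who_matches(who, bound_dn, entry_dn)), "none")
    return "none"  # implicit default once any ACL is defined

def readable(rules, bound_dn, entry_dn, attr):
    """True if the identity would see attr in a search, as a consumer must."""
    level = effective_access(rules, bound_dn, entry_dn, attr)
    return LEVELS.index(level) >= LEVELS.index("read")

RULES = parse_acl(ACL_TEXT)
ENTRY = "uid=jdoe,ou=people,dc=aviva,dc=fr"  # constructed sample entry
REPL = "cn=admin,dc=aviva,dc=fr"             # binddn from the syncrepl stanza
```
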