Is cn=admin,dc=aviva,dc=fr the root user? If not, it doesn't have write access to userPassword.

Nick


On Sun, May 31, 2020 at 6:29 PM <razvanpopescu@hotmail.com> wrote:
Hi,

I have set up master/slave replication between two OpenLDAP 2.4.44 servers on RHEL 7.x.

On the slave server, the userPassword attribute is not replicated by syncrepl; all other attributes are replicated OK.

The replication has been set up as follows:

On the master server (provider), I have set up:

# replication (provider side): the syncprov overlay serves syncrepl consumers
moduleload syncprov
overlay syncprov
# write contextCSN to the database after 100 write ops or every 10 minutes
syncprov-checkpoint 100 10
# keep the last 100 write ops in memory so consumers can catch up without a full refresh
syncprov-sessionlog 100

On the slave server (consumer), I've set up in /etc/openldap/slapd.conf:

# replication (consumer side)
syncrepl rid=100                      # replica id, local to this consumer
   provider=ldaps://fr-te-ldap-x1.intra.commercial-union.fr
   type=refreshAndPersist             # stay connected and receive changes as they happen
   searchbase="dc=aviva,dc=fr"
   scope=sub
   schemachecking=on                  # validate replicated entries against the local schema
   bindmethod=simple
   filter="(objectClass=*)"
   # no attrs= given: all user attributes are requested from the provider;
   # the provider's ACLs for this binddn decide what is actually returned
   binddn="cn=admin,dc=aviva,dc=fr"
   credentials=redhat                 # stored in clear text: keep slapd.conf readable only by ldap/root
   retry="15 +"                       # retry every 15 seconds, indefinitely

# equality indexes syncrepl relies on to locate entries and order changes
index entryUUID,entryCSN        eq
sizelimit 100000

On both servers (master and slave), the ACL has been set up as follows:

# first matching "by" clause wins; if none matches, access is denied
access to attrs=userPassword
        by self       write          # a user may change its own password
        by anonymous  auth           # unauthenticated binds may only authenticate
        by *          read           # every other identity, i.e. any bound user, may read the hash

access to *
        by self read
        by users read
        by anonymous read

Please help me!
What is wrong in this configuration, and why is the userPassword attribute not replicated on the slave side?

Please advise me.

Thanks,
Razvan
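As an added example (not from either poster, and not OpenLDAP code), the following is a small Python model of slapd's first-match ACL evaluation, run over the userPassword ACL quoted above and over a tighter variant that grants read only to a dedicated replication identity. The DN cn=replicator,dc=aviva,dc=fr and the user DNs under ou=people are made up for the example. It shows the two things worth checking here: which access level the syncrepl binddn actually gets on userPassword (and that the rootdn bypasses ACLs altogether, which is the point of Nick's question), and that "by * read" on userPassword gives every authenticated bind read access to every password hash.

```python
"""Minimal model of slapd's first-match evaluation of an
'access to attrs=userPassword' directive.  Added example, not OpenLDAP code:
it handles only the <who> forms used on this page plus dn.exact, and the
access levels none/auth/read/write; real slapd ACLs are far richer."""
import re

# slapd access levels in increasing order; a level grants every level below it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# The userPassword ACL exactly as posted (same on provider and consumer).
POSTED_ACL = """
access to attrs=userPassword
        by self       write
        by anonymous  auth
        by *          read
"""

# Assumed tighter variant: only a dedicated replication identity may read
# hashes.  cn=replicator,dc=aviva,dc=fr is a made-up DN for this example.
HARDENED_ACL = """
access to attrs=userPassword
        by self       write
        by dn.exact="cn=replicator,dc=aviva,dc=fr" read
        by anonymous  auth
        by *          none
"""

_BY_RE = re.compile(r'^by\s+(\S+)\s+(none|disclose|auth|compare|search|read|write|manage)\b')


def parse_user_password_acl(text):
    """Return the (who, level) clauses of the first 'access to attrs=userPassword' block."""
    clauses, in_block = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("access to"):
            if in_block:
                break                       # next directive: our block is complete
            in_block = "userPassword" in line
            continue
        if in_block:
            m = _BY_RE.match(line)
            if not m:
                raise ValueError("unsupported clause: " + line)
            clauses.append((m.group(1), m.group(2)))
    if not clauses:
        raise ValueError("no 'access to attrs=userPassword' block found")
    return clauses


def _norm(dn):
    return dn.strip().lower() if dn is not None else None


def evaluate(clauses, bind_dn, target_dn, rootdn=None):
    """Access level bind_dn gets on target_dn's userPassword (None = anonymous).

    The rootdn bypasses ACLs entirely (slapd never consults them for it).
    Otherwise the first matching <by> clause wins; if none matches, access
    to this attribute is denied."""
    bind, target = _norm(bind_dn), _norm(target_dn)
    if bind is not None and bind == _norm(rootdn):
        return "manage"
    for who, level in clauses:
        if who == "self" and bind is not None and bind == target:
            return level
        if who == "anonymous" and bind is None:
            return level
        if who == "users" and bind is not None:
            return level
        if who.startswith('dn.exact="') and bind == _norm(who[len('dn.exact="'):-1]):
            return level
        if who == "*":
            return level
    return "none"


def can_read(level):
    return LEVELS.index(level) >= LEVELS.index("read")


# Constructed target entry; any non-self user entry would do.
TARGET = "uid=alice,ou=people,dc=aviva,dc=fr"


def replica_can_read_hashes(acl_text, bind_dn, rootdn=None):
    """Would a syncrepl consumer binding as bind_dn receive userPassword?
    syncprov runs the search as the consumer's binddn, so the provider's
    ACL (or rootdn bypass) decides what reaches the consumer."""
    return can_read(evaluate(parse_user_password_acl(acl_text), bind_dn, TARGET, rootdn))


def hash_exposure(acl_text):
    """Who, other than the entry owner, can read an arbitrary user's hash?"""
    clauses = parse_user_password_acl(acl_text)
    return {
        "anonymous": can_read(evaluate(clauses, None, TARGET)),
        "any_authenticated_user": can_read(evaluate(clauses, "uid=bob,ou=people,dc=aviva,dc=fr", TARGET)),
        "replicator": can_read(evaluate(clauses, "cn=replicator,dc=aviva,dc=fr", TARGET)),
    }


if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL), ("hardened", HARDENED_ACL)):
        print(name, "cn=admin reads hashes:", replica_can_read_hashes(acl, "cn=admin,dc=aviva,dc=fr"))
        print(name, "exposure:", hash_exposure(acl))
```

Under the ACL as posted, the model gives cn=admin (and any other bound user) read on userPassword, so a consumer that successfully binds as that DN should receive the hashes from the provider; the quickest real-world confirmation is an ldapsearch as that identity against the provider, e.g. `ldapsearch -H ldaps://fr-te-ldap-x1.intra.commercial-union.fr -D cn=admin,dc=aviva,dc=fr -W -b dc=aviva,dc=fr '(objectClass=*)' userPassword`, which should print the hashes if the ACL and bind are as described. The hardened variant keeps replication working for the one identity that needs it and closes the read-everyone hole; if cn=admin is the rootdn, the ACL is irrelevant to it and the "manage" result above applies.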