Is cn=admin,dc=aviva,dc=fr the root user?  If not he doesn't have write access to userPassword.


On Sun, May 31, 2020 at 6:29 PM <> wrote:

I have set up  a replication master/slave between 2 openldap 2.4.44 on rhel 7.x.

On the slave server, the userPassword attribute is not replicated by syncrepl, all other attributes are replicated OK

The replication has been set up as follow:

On master server  (provider), I have set up :

# replication
moduleload syncprov
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

On slave server (consumer), I've set up in the /etc/openldap/slapd.conf:

# replication
syncrepl rid=100
   retry="15 +"

index entryUUID,entryCSN        eq
sizelimit 100000

On both server ( master, slave) , the ACL has been set up as follow :

access to attrs=userPassword
        by self       write
        by anonymous  auth
        by *          read

access to *
        by self read
        by users read
        by anonymous read

Please help me !
What is wrong in this configuration and why the userPassword attribute is not replicated on slave side ?

Please advice me,