After heartbeat we force password resets and we observe an odd behavior: after a password is changed, a replica will fail the bind just as if the password was wrong (LDAP_INVALID_CREDENTIALS), while another replica will accept it. slapcat shows identical userPassword hashes everywhere: master, bad replica and good replica.
Destroying the replica data and resynchronizing it fixes the problem.
Is there some kind of bind cache somewhere? This is OpenLDAP 2.4.33.