Hello,
Not sure it's the best practice, but here's the ACL I set on my provider to allow replication on the consumer with cn=repuser,ou=dsa,dc=mydomain,dc=fr as the replication user DN:
# cat olcRepConfigAccess.ldif
dn: olcDatabase={3}mdb,cn=config
# Database number (3) and type (mdb) might be different on your instance.
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="dc=mydomain,dc=fr" by * read
olcAccess: {3}to dn.subtree="dc=mydomain,dc=fr" by dn.exact="cn=repuser,ou=dsa,dc=mydomain,dc=fr" read by * break
olcAccess: {4}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact="cn=repuser,ou=dsa,dc=mydomain,dc=fr" read by * none
olcAccess: {5}to * by self read by * none
Then I set it this way:
ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcRepConfigAccess.ldif
Hope it helps.
----- Original Message -----
From: razvanpopescu@hotmail.com
To: "openldap-technical" openldap-technical@openldap.org
Sent: Tuesday, 2 June 2020 18:00:46
Subject: Re: userPassword is not replicated
What should I change in my master/slave configuration in terms of ACLs prior to replicating the userPassword attribute from provider to consumer?
Please help me,
Razvan
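The following is an added example and not part of either mail, nor code from OpenLDAP itself: a small Python model of how slapd walks an olcAccess list (first matching "to" directive, first matching "by" clause, "by * break" falls through to the next directive, an implicit "by * none" closes every directive and an implicit "to * by * none" closes the list, per slapd.access(5) and the Admin Guide). It loads the six directives posted above and, for contrast, a constructed ACL set with no clause for the replication user, so you can see why syncrepl would receive the entries without userPassword in the second case. The DNs uid=alice/uid=bob under ou=people are made up for the demonstration, and the evaluator deliberately skips full DN normalization, the entry/children pseudo-attributes and incremental +/- privileges.

```python
"""Simplified slapd ACL evaluator (added example; assumptions noted in comments)."""
import re
import shlex
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Access levels in increasing order of privilege (slapd.access(5)). syncrepl needs >= read.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
CONTROLS = {"stop", "continue", "break"}


def norm_dn(dn: str) -> str:
    """Rough DN normalization (assumption: lowercase + trim around commas is enough here)."""
    return ",".join(part.strip() for part in dn.lower().split(","))


@dataclass
class By:
    who: str                 # "*", "anonymous", "users", "self" or "dn.exact=<dn>"
    level: Optional[str]     # None when the clause names no level, e.g. "by * break"
    control: str             # "stop" (default), "continue" or "break"


@dataclass
class Directive:
    dn_base: Optional[str] = None
    dn_subtree: Optional[str] = None
    attrs: Optional[Set[str]] = None   # None means "entry and all attributes"
    by: List[By] = field(default_factory=list)

    def applies(self, target_dn: str, attr: str) -> bool:
        t = norm_dn(target_dn)
        if self.dn_base is not None and t != self.dn_base:
            return False
        if self.dn_subtree is not None and self.dn_subtree != "":
            if t != self.dn_subtree and not t.endswith("," + self.dn_subtree):
                return False
        if self.attrs is not None and attr.lower() not in self.attrs:
            return False
        return True


def parse_directive(line: str) -> Directive:
    """Parse one olcAccess value, e.g. '{3}to dn.subtree="dc=x" by dn.exact="cn=y" read by * break'."""
    tokens = shlex.split(line)                          # shlex strips the quotes around DNs
    tokens[0] = re.sub(r"^\{\d+\}", "", tokens[0])      # drop the {n} ordering prefix
    if tokens[0] != "to":
        raise ValueError(f"expected a 'to' clause: {line}")
    d, i = Directive(), 1
    while i < len(tokens) and tokens[i] != "by":        # <what> part
        tok = tokens[i]
        if tok == "*":
            pass
        elif tok.startswith("dn.base="):
            d.dn_base = norm_dn(tok[len("dn.base="):])
        elif tok.startswith("dn.subtree="):
            d.dn_subtree = norm_dn(tok[len("dn.subtree="):])
        elif tok.startswith("attrs="):
            d.attrs = {a.lower() for a in tok[len("attrs="):].split(",")}
        else:
            raise ValueError(f"unsupported <what> clause in this model: {tok}")
        i += 1
    while i < len(tokens):                              # one or more "by <who> [<level>] [<control>]"
        who, i = tokens[i + 1], i + 2
        level, control = None, "stop"
        while i < len(tokens) and tokens[i] != "by":
            if tokens[i] in LEVELS:
                level = tokens[i]
            elif tokens[i] in CONTROLS:
                control = tokens[i]
            else:
                raise ValueError(f"unsupported <by> token in this model: {tokens[i]}")
            i += 1
        d.by.append(By(who, level, control))
    return d


def who_matches(who: str, bind_dn: str, target_dn: str) -> bool:
    b, t = norm_dn(bind_dn), norm_dn(target_dn)
    if who == "*":
        return True
    if who == "anonymous":
        return b == ""
    if who == "users":
        return b != ""
    if who == "self":
        return b != "" and b == t
    if who.startswith("dn.exact="):
        return b == norm_dn(who[len("dn.exact="):])
    raise ValueError(f"unsupported <who> in this model: {who}")


def access(directives: List[Directive], bind_dn: str, target_dn: str, attr: str) -> str:
    """Access level bind_dn gets on attr of target_dn; "" as bind_dn means anonymous."""
    granted = "none"
    for d in directives:
        if not d.applies(target_dn, attr):
            continue
        control = None
        for clause in d.by:
            if not who_matches(clause.who, bind_dn, target_dn):
                continue
            if clause.level is not None:
                granted = clause.level
            control = clause.control
            if control != "continue":
                break
        if control is None:          # no <by> matched: implicit "by * none"
            return "none"
        if control == "break":       # keep walking the list, later directives win
            continue
        return granted
    return "none"                    # nothing matched: implicit "to * by * none"


def unreadable_attrs(directives, bind_dn, target_dn, attrs):
    """Attributes a consumer bound as bind_dn would NOT receive for target_dn."""
    return [a for a in attrs if LEVELS.index(access(directives, bind_dn, target_dn, a)) < LEVELS.index("read")]


# The six directives from the mail above.
POSTED_ACL = [
    '{0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break',
    '{1}to dn.base="" by * read',
    '{2}to dn.base="dc=mydomain,dc=fr" by * read',
    '{3}to dn.subtree="dc=mydomain,dc=fr" by dn.exact="cn=repuser,ou=dsa,dc=mydomain,dc=fr" read by * break',
    '{4}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact="cn=repuser,ou=dsa,dc=mydomain,dc=fr" read by * none',
    '{5}to * by self read by * none',
]
# Constructed contrast: an ACL set with no clause for the replication user.
NO_REPUSER_ACL = [
    '{0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none',
    '{1}to dn.base="" by * read',
    '{2}to * by * read',
]
POSTED = [parse_directive(l) for l in POSTED_ACL]
NO_REPUSER = [parse_directive(l) for l in NO_REPUSER_ACL]
REPUSER = "cn=repuser,ou=dsa,dc=mydomain,dc=fr"
ALICE = "uid=alice,ou=people,dc=mydomain,dc=fr"    # constructed entry
BOB = "uid=bob,ou=people,dc=mydomain,dc=fr"        # constructed entry

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("no repuser clause", NO_REPUSER)):
        print(name, "-> repuser cannot read:", unreadable_attrs(rules, REPUSER, ALICE, ["cn", "userPassword"]))
```

With the posted list the replication DN gets read on userPassword through directive {3} (and again through {4}); with the contrast list it falls into {0}'s "by * none", so every other attribute replicates but userPassword never arrives, which is exactly the symptom in the original question. The model is a reasoning aid only; confirm against the live provider by binding as the replication user, e.g. ldapsearch -x -D "cn=repuser,ou=dsa,dc=mydomain,dc=fr" -W -b "dc=mydomain,dc=fr" userPassword, and checking that the attribute is returned.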