Hi,

I am running OpenLDAP 2.4.40 on Ubuntu 12.04

I need to use N-way multi master replication and there are only 2 masters

I am using syncrepl configuration and, for the sake of security, I didn't want to use the rootdn credentials for replication (I didn't want slapd.conf to have its password in plain text in the syncrepl section).

So I created an ldapreplicator account on both masters just for replication, which only has read privileges.

I also have a default password policy on the LDAP which requires that all passwords expire in 30 days, have a lockout duration, etc.

The problem is that the password policy is also applied to the ldapreplicator account, and due to this the synchronization fails once the password expires.

I tried to add a different password policy to ldapreplicator using pwdPolicySubentry, but I keep getting error 21, invalid syntax.

I looked into the documentation and online as well, but I am not sure why I keep getting the invalid syntax error.

To keep this post short, I am attaching the slapd.conf, the password policies (default and for replicator), the ldif containing the instructions for adding the password policy to ldapreplicator, and the log output.

I am sure I am missing something; any help would be greatly appreciated.


--
-Guruprasad
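For readers of this thread, here is an added example of the two LDIF records a per-account ppolicy override needs: a separate pwdPolicy entry with no password expiry, and a modify that points the replication account at it. This is illustrative code written for this post, not the poster's attachments or the OpenLDAP project's own files; the suffix dc=example,dc=com, the ou=Policies container, the account DN and the attribute values are assumptions. It assumes slapd.conf already loads the ppolicy overlay (overlay ppolicy, with ppolicy_default pointing at the 30-day default policy).

```ldif
# Added example (assumed names, not the poster's files). Load with, e.g.:
#   ldapmodify -x -D cn=admin,dc=example,dc=com -W -f replicator-ppolicy.ldif
#
# 1. A dedicated policy for the replication account.
#    pwdPolicy is an AUXILIARY class, so the entry needs a structural class
#    (organizationalRole here), and pwdAttribute is mandatory and must be
#    userPassword. pwdMaxAge: 0 means the password never expires, which is
#    the whole point; the lockout settings are kept so a wrong password still
#    locks the account after repeated failures.
dn: cn=replicator,ou=Policies,dc=example,dc=com
changetype: add
objectClass: organizationalRole
objectClass: pwdPolicy
cn: replicator
pwdAttribute: userPassword
pwdMaxAge: 0
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 900

# 2. Attach the policy to the account.
#    pwdPolicySubentry has DN syntax, so the value must be one well-formed DN
#    on a single line, with no quotes and no trailing whitespace; a value that
#    does not parse as a DN is rejected by slapd with invalid syntax (21).
dn: uid=ldapreplicator,ou=People,dc=example,dc=com
changetype: modify
replace: pwdPolicySubentry
pwdPolicySubentry: cn=replicator,ou=Policies,dc=example,dc=com
```

Two checks worth doing afterwards: pwdPolicySubentry is an operational attribute, so it is not returned by a plain ldapsearch; request it explicitly (or with `+`) to confirm it was stored. And because both the policy entry and the attribute live inside the replicated suffix, syncrepl carries them to the second master, so the override only has to be loaded once.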