Turbo Fredriksson wrote:
On Fri, 25 May 2012 12:46:50 +0100, Andrew Findlay wrote:
In normal operation it should be enough to read the contextCSN attribute from the root of the replicated subtree on each server:
Ok, most of the servers are now upgraded, but unfortunatly there's two that can't (for various reasons) not be upgraded at this time.
The sync seems to work quite nice between the 2.4.23 and the 2.3.43 servers.
However, the contextCSN missmatches and after examining, it's the password policy object that won't sync...
paragon: 20120616082046.474977 leonis: 20120616082046.474977 leporis: 20120616082046.474977 kelvin: 20120616081559.003550 inbgdxrambo: 20120616081559.003550The first three is 2.4 (paragon is the provider) and kelvin and rambo is 2.3...
I've included the ppolicy.schema in all the servers, schemachecking=off on the consumers but still no policy object...
ppolicy.schema only defines the user attributes. The operational attributes are implemented in the ppolicy overlay. The overlay must be configured on every server for the operational attributes to be replicated.
I do however, now when I look closer, get an error/warning in the log:
Jun 16 15:29:21 rambo slapd[28729]: syncrepl_message_to_entry: rid444 mods check (pwdAttribute: value #0 invalid per syntax) Jun 16 15:29:21 rambo slapd[28729]: do_syncrepl: rid 444 retrying
I tried to take ppolicy.schema from paragon (the original one was version 1.2.2.5 and paragons is 1.7.2.5) but that didn't help.