My setup is rather basic. ldaps://ldap.ipodion.at is master/sync
provider. "consumer" is slave/consumer. Everything seems to be working
fine, all attributes are replicated with the notable exception of the
userPassword attribute.
ldapsearch on the consumer shows the missing attributes, so it can't be
a permissions problem:
consumer # ldapsearch -x -LL -D "cn=admin,dc=ipodion,dc=at" -W -H
ldaps://ldap.ipodion.at -b "dc=int,dc=ipodion,dc=at"
"(objectClass=person)" uidNumber userpassword
Enter LDAP Password:
version: 1
dn: cn=NextFreeUnixId,dc=int,dc=ipodion,dc=at
uidNumber: 10007
dn: uid=tkircht,ou=people,dc=int,dc=ipodion,dc=at
uidNumber: 500
userPassword:: e1NNRDV9dXZ1UkxMY1VDaThMSktablRSazJWMElCU2l
dn: uid=Administrator,ou=People,dc=int,dc=ipodion,dc=at
uidNumber: 0
userPassword:: e1NNRDV9c2swZEtCMzUyb2JQTkRucTcxcDczc0VScXpB
[...]
I added the ACL for uidNumber just to make sure I didn't mistype any
credential information, but the uidNumber attribute is replicated while
the userPassword isn't.
I cannot find anything on this in the archives or the documentation -
what am I doing wrong here?!
Any help would be appreciated.
Thanks, Thomas
Config files:
---------------------------------------------------------
provider:
---------------------------------------------------------
ldap:~# grep -v '^#' /etc/ldap/slapd.conf | grep -v '^$'
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/extension.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
TLSCertificateFile /etc/ssl/certs/ldap.ipodion.cert.pem
TLSCertificateKeyFile /etc/ssl/private/ldap.ipodion.key.pem
TLSCACertificateFile /usr/share/ca-certificates/cacert.org/root.crt
loglevel -1
modulepath /usr/lib/ldap
moduleload back_bdb
moduleload back_meta
moduleload syncprov
backend bdb
database bdb
suffix "dc=ipodion,dc=at"
directory "/var/lib/ldap"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index objectClass eq
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
lastmod on
rootdn "cn=admin,dc=ipodion,dc=at"
rootpw <secret>
access to attrs=userPassword
by dn="cn=admin,dc=ipodion,dc=at" write
by anonymous auth
by self write
by * none
access to attrs=uidNumber
by dn="cn=admin,dc=ipodion,dc=at" write
by anonymous auth
by self write
by * none
access to dn.subtree="ou=addressbook,dc=ipodion,dc=at"
by self write
by dn="cn=admin,ou=addressbook,dc=ipodion,dc=at" write
by * read
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=ipodion,dc=at" write
by * read
---------------------------------------------------------
consumer:
---------------------------------------------------------
consumer:~# grep -v '^#' /etc/ldap/slapd.conf | grep -v '^$'
allow bind_v2
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
schemacheck on
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
TLSCACertificateFile /etc/ssl/CA/cacert.pem
loglevel 256
modulepath /usr/lib/ldap
moduleload back_bdb
backend bdb
database bdb
suffix "dc=int,dc=ipodion,dc=at"
directory "/var/lib/ldap"
index objectClass eq
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
lastmod on
rootdn "cn=admin,dc=int,dc=ipodion,dc=at"
rootpw {SSHA}<secret2>
syncrepl rid=667
provider=ldaps://ldap.ipodion.at
type=refreshOnly
interval=01:00:00:00
searchbase="dc=int,dc=ipodion,dc=at"
scope=sub
schemachecking=on
bindmethod=simple
binddn="cn=admin,dc=ipodion,dc=at"
credentials=<secret>
access to attrs=userPassword
by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
by anonymous auth
by self write
by * none
access to dn.base="" by * read
access to *
by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
by * read
--
=========================================================
iPodion GmbH
Rotensterngasse 20/3
A-1020 Wien, Austria
Mobile: +43-660-216 32 98
Tel.:+43-1-216 32 98-0 mailto:office@iPodion.at
Fax: +43-1-216 32 98-28
http://www.iPodion.at
=========================================================
Attention: Please note my new
telephone number: 0660/2163298
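An offline way to pin down exactly which attributes fail to replicate, added here as an example and not part of the original post: save the output of the same ldapsearch run once with -H pointing at the provider and once at the consumer, then diff the two dumps per entry. The function names, the example.org entries and the password value are constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse ldapsearch LDIF output into {dn: {attribute: [values]}}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # LDIF folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue                        # blank line, comment or noise
        if rest.startswith(":"):            # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        attr = attr.strip().lower()         # attribute names are case-insensitive
        if attr == "dn":                    # lower-casing is a simplified DN match
            current = entries.setdefault(value.lower(), {})
        elif current is not None:           # ignores "version: 1" before first dn
            current.setdefault(attr, []).append(value)
    return entries

def missing_on_consumer(provider_ldif, consumer_ldif):
    """Return {dn: [attributes the provider has but the consumer lacks]}."""
    prov, cons = parse_ldif(provider_ldif), parse_ldif(consumer_ldif)
    report = {}
    for dn, attrs in prov.items():
        gap = ["<entry missing>"] if dn not in cons else sorted(set(attrs) - set(cons[dn]))
        if gap:
            report[dn] = gap
    return report

# Constructed sample (not from the post); the value decodes to "{SMD5}constructed".
PROVIDER = """version: 1
dn: uid=alice,ou=people,dc=example,dc=org
uidNumber: 1001
userPassword:: e1NNRDV9Y29uc3RydWN0ZWQ=

dn: uid=bob,ou=people,dc=example,dc=org
userPassword:: e1NNRDV9Y29u
 c3RydWN0ZWQ=
"""
CONSUMER = "dn: uid=alice,ou=People,dc=example,dc=org\nuidNumber: 1001\n"

if __name__ == "__main__":
    print(missing_on_consumer(PROVIDER, CONSUMER))
```

Both dumps contain password hashes, so keep the files readable only by the directory administrator and delete them once the comparison is done.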