We successfully installed openldap with:
- Replication
- Password policy
After applying config policy with olcPPolicyHashCleartext: TRUE the replicator user password gets encrypted with ssha. Although, according to what I've read, the password with simple bind should not be encrypted, it seems that replication still is functioning.
Questions: Can anybody tell me if this should be expected to cause a problem? How do you handle the replication user and password in regards to encrypted passwords?
Second problem we are facing is that the replication OU and underlying account are not visible anymore. With slapcat the OU is still visible in the LDIF file, but not in the LDAP viewer. If I'm not mistaken, the record is of the type GLUE, which might indicate that it is not properly replicated and therefore not visible?
Question: Does anybody know what can be the problem here? Or how to solve this without reinstalling OpenLDAP with a clean database?
Thanks in advance, Peter Kruger
On Wed, 17 Aug 2016 14:19:08 +0000, "Kruger, P (Justid)" p.kruger@justid.nl wrote:
> We successfully installed openldap with:
> - Replication
> - Password policy
> After applying config policy with olcPPolicyHashCleartext: TRUE the replicator user password gets encrypted with ssha.
wrong attribute, read slapd-config(5) on olcPasswordHash
> Although, according to what I've read, the password with simple bind should not be encrypted, it seems that replication still is functioning.
The stored Password should be hashed, but as part of a bind operation the password transport must be cleartext.
> Questions: Can anybody tell me if this should be expected to cause a problem? How do you handle the replication user and password in regards to encrypted passwords?
use TLS, or rely on SASL and DIGEST-MD5.
> Second problem we are facing is that the replication OU and underlying account are not visible anymore. With slapcat the OU is still visible in the LDIF file, but not in the LDAP viewer. If I'm not mistaken, the record is of the type GLUE, which might indicate that it is not properly replicated and therefore not visible?
access rules? do you replicate subordinate databases?
[...]
-Dieter
openldap-technical@openldap.org
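The point made in the reply above (the stored password is hashed, the bind still carries cleartext) as an added example that is not part of the original thread: it builds and checks a salted SHA-1 `{SSHA}` value the way a simple bind is verified, which is why replication keeps working after the replicator's userPassword is hashed and why the bind needs TLS. The password, salt and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Build a userPassword value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, presented: str) -> bool:
    """Check the cleartext password from a simple bind against a stored {SSHA} value."""
    if not stored.startswith(SCHEME):
        return False  # other hash schemes are out of scope for this sketch
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:
        return False  # not valid base64
    if len(raw) <= SHA1_LEN:
        return False  # no salt after the digest, not a valid SSHA value
    digest, salt = raw[:SHA1_LEN], raw[SHA1_LEN:]
    # Re-hash what the client sent with the stored salt, compare in constant time
    candidate = hashlib.sha1(presented.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


if __name__ == "__main__":
    # Constructed sample: what the provider stores for the replicator entry
    stored = ssha_hash("replica-secret", salt=b"\x01\x02\x03\x04")
    print("stored userPassword:", stored)
    # The consumer still sends the cleartext configured in its syncrepl credentials
    print("cleartext bind accepted:", ssha_verify(stored, "replica-secret"))
    # Presenting the hash string itself as the credential does not authenticate
    print("hash-as-password accepted:", ssha_verify(stored, stored))
```

Only the provider's stored value changes when hashing is enabled; the consumer's configured credential stays cleartext and crosses the wire as such on a simple bind.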