The problem was really dumb. An illegally located commented string in slave configs.
==== syncrepl rid=123 provider=ldap://ldap.office.rct-int type=refreshAndPersist interval=00:00:10:00 searchbase="dc=office,dc=rct-int" # filter="(objectClass=qmailUser)||(objectClass=posixGroup)" scope=sub schemachecking=on binddn="uid=syncuser,ou=People,dc=office,dc=rct-int" ======== As the result, parsing ended at "searchbase", and connection to master was actually anonymous. Thanks to everyone. Alexey 15.12.2008 17:24, Alexey Lobanov пишет: > I see a dumb problem trying to implement LDAP Sync Replication in a > group of Debian servers. Everything works fine except userPassword, > sambaLMPassword and sambaNTPassowrd attributes; the replicas (two of > two) just don't have those attributes in any downloaded entries. > > Yes, I have checked the access rights: syncrepl binddn has "read" rights > for passwords, and "ldapsearch -H ldap://master..."; with RDN and > credentials used in replicas shows everything including all three > password hashes.
