On 09/20/2009 03:31 PM, Evgeniy wrote:
Hello.
OpenLDAP 2.4.18, master-slave replication.
Slave server successfully replicates all data, except hashed {sha} passwords.
It is not a problem with "access to attrs=userPassword" - I tested this.
How can I solve it and sync passwords?
[ slapd.conf ]
master server:
#
index objectClass eq
#
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
#
slave server:
syncrepl rid=<>
provider=ldap://server:389
type=refreshOnly
interval=00:00:05:00
searchbase="dc=company,dc=com"
filter="(objectClass=*)"
scope=sub
attrs="*"
#
schemachecking=off
bindmethod=simple
binddn="cn=adminuser,dc=company,dc=com"
credentials=company-pass
###
Hi,
There are several problems with this syncrepl statement. The first
probably is the cause of your problem.
1) The syncrepl statement in slapd.conf is actually just one line. You
can continue it on new lines by starting them with a space. But, if you
insert a comment (# character) anywhere, then the rest of the
configuration will be ignored. So I think your binddn etc. are being
ignored. Remove the comment.
2) You have specified "attrs=*". This means "only replicate user
attributes" thus excluding operational attributes. The default for attrs
is "*,+" as specified in the man page. I really recommend not changing
this value.
Hope this helps,
Jonathan
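
A check for the two problems raised in the reply, as an added example that is not part of the original thread or of OpenLDAP itself. It follows the slapd.conf(5) rule that continuation lines are unwrapped before comment processing; the function names, the rid value and the indentation in the sample are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the slave configuration quoted above
# (rid value and indentation are assumptions; the post elides them).
SAMPLE = """\
syncrepl rid=001
  provider=ldap://server:389
  type=refreshOnly
  attrs="*"
#
  schemachecking=off
  bindmethod=simple
  binddn="cn=adminuser,dc=company,dc=com"
"""

def logical_lines(text):
    """Unwrap continuation lines first, as slapd.conf does: a physical line
    starting with whitespace is appended to the previous line, even when
    that previous line is a comment."""
    out = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw[:1] in (" ", "\t") and out:
            out[-1][1].append(raw.strip())
        elif raw.strip():
            out.append((no, [raw.strip()]))
    return out

def lint_syncrepl(text):
    """Return findings for a syncrepl directive cut short by a comment line
    and for an attrs list that leaves out operational attributes ('+')."""
    findings = []
    prev_directive = None
    for no, parts in logical_lines(text):
        if parts[0].startswith("#"):
            # Indented key=value lines after '#' became part of the comment.
            swallowed = [p for p in parts[1:] if "=" in p]
            if swallowed and prev_directive == "syncrepl":
                keys = ", ".join(p.split("=", 1)[0] for p in swallowed)
                findings.append(f"line {no}: comment ends syncrepl; ignored: {keys}")
            continue
        prev_directive = parts[0].split()[0].lower()
        if prev_directive == "syncrepl":
            m = re.search(r'\battrs="?([^"\s]*)"?', " ".join(parts))
            if m and "+" not in m.group(1).split(","):
                findings.append(f"line {no}: attrs={m.group(1)} omits '+' (operational attributes)")
    return findings
```

Running `lint_syncrepl` over a consumer's slapd.conf text before restarting slapd reports both conditions with the physical line number where each starts.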