> Mar 22 17:51:20 ldapz2 slapd[24456]: entry failed schema check: no > structuralObjectClass operational attribute
> could it be related to the fact that the binddn account cannot read all > attributes from the master ? sounds like the replication user is not allowed to read the structuralObjectClass attribute of the object that's userPassword gets modified. on the provider try: ldapsearch -D cn=replicationuser,[...] -w replicationuser-password -b [...]dc=domain,dc=com cn=user-with-changed-password + by appending the + symbol you request all structural attributes. if structuralObjectClass is not returned try adapting your acls. bests, Marvin
