
Cannot replicate userPassword?



My setup is rather basic. ldaps://ldap.ipodion.at is master/sync provider. "consumer" is slave/consumer. Everything seems to be working fine, all attributes are replicated with the notable exception of the userPassword attribute.
ldapsearch on the consumer shows the missing attributes, so it can't be a permissions problem:


consumer # ldapsearch -x -LL -D "cn=admin,dc=ipodion,dc=at" -W -H ldaps://ldap.ipodion.at -b "dc=int,dc=ipodion,dc=at" "(objectClass=person)" uidNumber userpassword
Enter LDAP Password:
version: 1


dn: cn=NextFreeUnixId,dc=int,dc=ipodion,dc=at
uidNumber: 10007

dn: uid=tkircht,ou=people,dc=int,dc=ipodion,dc=at
uidNumber: 500
userPassword:: e1NNRDV9dXZ1UkxMY1VDaThMSktablRSazJWMElCU2l

dn: uid=Administrator,ou=People,dc=int,dc=ipodion,dc=at
uidNumber: 0
userPassword:: e1NNRDV9c2swZEtCMzUyb2JQTkRucTcxcDczc0VScXpB
[...]

I added the ACL for uidNumber just to make sure I didn't mistype any credential information, but the uidNumber attribute is replicated and the userPassword isn't.
I cannot find anything on this in the archives or the documentation - what am I doing wrong here?!


Any help would be appreciated

thanks, Thomas

Config files:

---------------------------------------------------------
provider:
---------------------------------------------------------
ldap:~# grep -v '^#' /etc/ldap/slapd.conf | grep -v '^$'
allow bind_v2
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
include         /etc/ldap/schema/extension.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
TLSCertificateFile /etc/ssl/certs/ldap.ipodion.cert.pem
TLSCertificateKeyFile /etc/ssl/private/ldap.ipodion.key.pem
TLSCACertificateFile /usr/share/ca-certificates/cacert.org/root.crt
loglevel       -1
modulepath      /usr/lib/ldap
moduleload      back_bdb
moduleload      back_meta
moduleload      syncprov
backend         bdb
database        bdb
suffix          "dc=ipodion,dc=at"
directory       "/var/lib/ldap"
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
index           objectClass eq
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
lastmod         on
rootdn "cn=admin,dc=ipodion,dc=at"
rootpw <secret>
access to attrs=userPassword
       by dn="cn=admin,dc=ipodion,dc=at" write
       by anonymous auth
       by self write
       by * none
access to attrs=uidNumber
       by dn="cn=admin,dc=ipodion,dc=at" write
       by anonymous auth
       by self write
       by * none
access to dn.subtree="ou=addressbook,dc=ipodion,dc=at"
       by self write
       by dn="cn=admin,ou=addressbook,dc=ipodion,dc=at" write
       by * read
access to dn.base="" by * read
access to *
       by dn="cn=admin,dc=ipodion,dc=at" write
       by * read


---------------------------------------------------------
consumer:
---------------------------------------------------------
consumer:~# grep -v '^#' /etc/ldap/slapd.conf | grep -v '^$'
allow bind_v2
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include         /etc/ldap/schema/inetorgperson.schema
include         /etc/ldap/schema/samba.schema
schemacheck     on
pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args
TLSCACertificateFile /etc/ssl/CA/cacert.pem
loglevel        256
modulepath      /usr/lib/ldap
moduleload      back_bdb
backend         bdb
database        bdb
suffix          "dc=int,dc=ipodion,dc=at"
directory       "/var/lib/ldap"
index           objectClass eq
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
lastmod         on
rootdn "cn=admin,dc=int,dc=ipodion,dc=at"
rootpw {SSHA}<secret2>
syncrepl rid=667
       provider=ldaps://ldap.ipodion.at
       type=refreshOnly
       interval=01:00:00:00
       searchbase="dc=int,dc=ipodion,dc=at"
       scope=sub
       schemachecking=on
       bindmethod=simple
       binddn="cn=admin,dc=ipodion,dc=at"
       credentials=<secret>
access to attrs=userPassword
       by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
       by anonymous auth
       by self write
       by * none
access to dn.base="" by * read
access to *
       by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
       by * read

--
=========================================================
iPodion GmbH
Rotensterngasse 20/3
A-1020 Wien, Austria
Mobile: +43-660-216 32 98
Tel.:+43-1-216 32 98-0 mailto:office@iPodion.at
Fax: +43-1-216 32 98-28 http://www.iPodion.at
=========================================================
Note: Please take note of my new telephone number: 0660/2163298

