
(ITS#6867) Password replication does not work properly in LDAP using openldap 2.4.23



Full_Name: Divyaraj Jadeja
Version: 2.4.23
OS: RHEL 5.0
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (198.152.14.67)


Issue : Password replication does not work properly in LDAP using openLDAP
2.4.23.

Scenario1a:
Steps to Reproduce:
1. Installed my custom software on 2 machines with HA LDAP configured.
2. Verify that the connectivity between both the machines is working fine.
3. Stopped slapd on Machine2.
4. Created a new user test1 of a particular group on the Machine1.
5. Started slapd on Machine2.
6. Verified that test1 user created in step 4 is present in the LDAP DB on
Machine2.
7. Login user test1 on the Machine2. The password of user test1 expires, login
of the user is successful after changing the password.
8. Login the same user test1 on Machine1.

Actual Result :
The changed password is not accepted on Machine1.
If the original password of user test1 is entered then the password is accepted
and the password expires again.

Scenario 1b (minor modification in steps):
Created a new user. Ensure slapd on both Machine1 & Machine2 is up & running.
Login this user on Machine2, password of this user expires, change the password.
Run ldapsearch command on both the machines. Password is changed on the
secondary dialer but the same is not replicated on the primary dialer.

Expected Result : User's password must get replicated across all the Machines.

Scenario 2 in which LDAP replication does not work.

Steps to Reproduce:
1. Set up 2 machines with HA-LDAP configured.
2. Ensure that there is proper connectivity between both the machines.
3. Stop slapd on machine1.
4. Create a new user test2.
5. Start slapd on machine1.
6. Verify that the user is replicated on machine1.
7. Change the password, group & description and save.

Actual Result : Changes are present on Machine1 but do not get replicated to
Machine2 even though slapd is up on both the machines.

Additional Observations:
1. This was observed intermittently. The default log is not leading anywhere,
will try setting advanced log & then replicating the issue.
2. The pwd not replicating replicates after some time, around 10 mins approx, will
find the time again.
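
The ldapsearch comparison in Scenario 1b can be automated. The following is an added example, not part of the original report: it parses the LDIF text that `ldapsearch -LLL` prints on each machine and lists the entries and attributes that differ. The function names, the sample DN and the placeholder password values are assumptions constructed for illustration.

```python
import base64

def parse_ldif(text):
    """Parse LDIF text into {dn: {attr: set of raw byte values}}."""
    lines = []
    for raw in text.splitlines():
        # RFC 2849 folding: a line starting with one space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = {}, None, {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries[dn] = attrs
            dn, attrs = None, {}
            continue
        if line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        # "attr:: value" is base64 (as ldapsearch typically prints userPassword); "attr: value" is plain.
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
        if name.lower() == "dn":
            dn = value.decode().lower()
        else:
            attrs.setdefault(name.lower(), set()).add(value)
    return entries

def replication_drift(ldif_a, ldif_b, watched=("userpassword", "description")):
    """Return sorted (dn, attr) pairs that differ; attr is "<entry>" if the DN is missing on one side."""
    a, b = parse_ldif(ldif_a), parse_ldif(ldif_b)
    drift = []
    for dn in sorted(set(a) | set(b)):
        if dn not in a or dn not in b:
            drift.append((dn, "<entry>"))
            continue
        drift += [(dn, attr) for attr in watched if a[dn].get(attr, set()) != b[dn].get(attr, set())]
    return drift

def _sample(password):                     # constructed sample data, not from the report
    b64 = base64.b64encode(password).decode()
    return ("dn: uid=test1,ou=People,dc=example,dc=com\nuid: test1\n"
            "userPassword:: %s\ndescription: constructed sam\n ple\n\n" % b64)

MACHINE1 = _sample(b"{SSHA}placeholder-old")   # replica still holding the original hash
MACHINE2 = _sample(b"{SSHA}placeholder-new")   # replica where the password was changed

if __name__ == "__main__":
    for dn, attr in replication_drift(MACHINE1, MACHINE2):
        print("DRIFT", dn, attr)
```

Running the comparison at intervals after a password change also gives a measurement of how long the two machines stay out of sync.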