[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl missing/ignoring {md5} passwords?

To: openldap-software@OpenLDAP.org
Subject: Re: syncrepl missing/ignoring {md5} passwords?
From: Andreas Hasenack <ahasenack@terra.com.br>
Date: Mon, 19 Jun 2006 17:15:27 -0300
Content-disposition: inline
In-reply-to: <4496DF7B.1080106@techniumcast.com>
References: <4496DF7B.1080106@techniumcast.com>
User-agent: Mutt/1.5.11

On Mon, Jun 19, 2006 at 06:31:39PM +0100, Ade Fewings wrote:
> Dear all
> 
> We are setting up an OpenLDAP 2.3.34 directory server structure and I 
> have started using syncrepl to produce replica servers.  Everything is 
> going OK, except that userPassword's crypt'd using {MD5} rather than 
> {crypt} do not find their way to the slave servers.  The {crypt} 
> passwords get there fine, however. 
> 
> Master slapd.conf bit:
> >#
> ># syncrepl setup
> >#
> >overlay syncprov
> >syncprov-checkpoint 100 10
> >syncprov-sessionlog 100
> 
> 
> Slave slapd.conf bit:
> ># syncrepl setup
> >#
> >syncrepl rid=123
> >        provider=ldap://directory.a.com:389
> >        type=refreshAndPersist
> >        searchbase="dc=a,dc=com"
> >        scope=sub
> >        bindmethod=simple
> >        binddn="cn=syncuser,dc=a,dc=com"
> >        credentials=#######

Are you sure the binddn user can read all needed entries on the server? Like
all userPassword attributes? I don't think the contents of userPassword play a
role here, but the ACLs for that attribute most certainly do. Also, make sure
you remove the search limits (time and size) for this binddn user: you may be
hiting this limit and thinking the issue is something else.

References:
- syncrepl missing/ignoring {md5} passwords?
  - From: Ade Fewings <ade@techniumcast.com>

Prev by Date: Re: Access Control between two domains.
Next by Date: Fwd: Can't auth on shell
Index(es):
- Chronological
- Thread