[Date Prev][Date Next] [Chronological] [Thread] [Top]

Sync replication and "*Password" attributes

Hello all.

I see a dumb problem trying to implement LDAP Sync Replication in a
group of Debian servers. Everything works fine except userPassword,
sambaLMPassword and sambaNTPassowrd attributes; the replicas (two of
two) just don't have those attributes in any downloaded entries.

Yes, I have checked the access rights: syncrepl binddn has "read" rights
for passwords, and "ldapsearch -H ldap://master..."; with RDN and
credentials used in replicas shows everything including all three
password hashes.

Slave logs show nothing useful. "loglevel Args" at slave mentions all
attributes except those "*Password" upon master entry modification.

OpenLDAP version is 2.3.30-5+etch2, the current in Debian Etch. A
proposal to upgrade to 2.4 will not be accepted unless I'll know about
*exact* change in 2.4 fixing this [mis]behavior; just because the master
is a production server.