[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Sync replication and "*Password" attributes


15.12.2008 18:26, Aaron Richton ÐÐÑÐÑ:

> On Mon, 15 Dec 2008, Alexey Lobanov wrote:

>> group of Debian servers. Everything works fine except userPassword,
>> sambaLMPassword and sambaNTPassowrd attributes; the replicas (two of
>> two) just don't have those attributes in any downloaded entries.

> Are sambaLMPassword/sambaNTPassword visible on the slave cn=Subschema?
> (slapd -d config perhaps, too.)

The master and slave schemas are absolutely identical. Just rsynced. And
the attributes are present in schema, because I can add them manually
with an editor like Luma.

root@mail:/etc/ldap/schema# slapd -d config
reading config file /etc/ldap/schema/samba.schema
line 185 (attributetype ( NAME 'sambaLMPassword'
DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX{32} SINGLE-VALUE ))

line 190 (attributetype ( NAME 'sambaNTPassword'
DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match

However, I am really surprised now. There is no "NAME 'userPassword'"
definition in schema files, neither in master nor in slaves. More
exactly, the definition in generic core.schema is commented out:

# system schema
#attributetype ( NAME 'userPassword'
#       DESC 'RFC2256/2307: password of user'
#       EQUALITY octetStringMatch
#       SYNTAX{128} )

It looks like that this attribute definition is hardcoded in slapd. Correct?