[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Sync replication and "*Password" attributes

To: openldap-software@OpenLDAP.org
Subject: Re: Sync replication and "*Password" attributes
From: Alexey Lobanov <A.Lobanov@gctrials.com>
Date: Tue, 16 Dec 2008 12:17:44 +0300
In-reply-to: <494668AC.8080703@gctrials.com>
Organization: Russian Clinical Trials
References: <494668AC.8080703@gctrials.com>
User-agent: IceDove 1.5.0.14eol (X11/20080724)

The problem was really dumb. An illegally located commented string in
slave configs.

====
syncrepl rid=123
  provider=ldap://ldap.office.rct-int
  type=refreshAndPersist
  interval=00:00:10:00
  searchbase="dc=office,dc=rct-int"
#  filter="(objectClass=qmailUser)||(objectClass=posixGroup)"
  scope=sub
  schemachecking=on
  binddn="uid=syncuser,ou=People,dc=office,dc=rct-int"
========

As the result, parsing ended at "searchbase", and connection to master
was actually anonymous.

Thanks to everyone.

Alexey

15.12.2008 17:24, Alexey Lobanov ÐÐÑÐÑ:


> I see a dumb problem trying to implement LDAP Sync Replication in a
> group of Debian servers. Everything works fine except userPassword,
> sambaLMPassword and sambaNTPassowrd attributes; the replicas (two of
> two) just don't have those attributes in any downloaded entries.

> 
> Yes, I have checked the access rights: syncrepl binddn has "read" rights
> for passwords, and "ldapsearch -H ldap://master..."; with RDN and
> credentials used in replicas shows everything including all three
> password hashes.

References:
- Sync replication and "*Password" attributes
  - From: Alexey Lobanov <A.Lobanov@gctrials.com>

Prev by Date: Re: Sync replication and "*Password" attributes
Next by Date: Re: Re: SASL/GSSAPI: ldap_sasl_interactive_bind_s: Local error (-2)
Index(es):
- Chronological
- Thread