[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Cannot replicate userPassword?

I am using OpenLDAP 2.3.25 (most current in Debian stable).
I tried to follow Quanahs suggestion and added

access to *
       by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
       by * read

on the consumer side, but it didn't change anything. I delete /var/lib/ldap/* and startet slapd but still:
consumer /etc/ldap# slapcat | grep userPass
consumer /etc/ldap#

I'd hate to leave the commodity of package management by installing the openLDAP tar-ball but if no other solution is available I will have to...

Thanks for your help so far!


Pierangelo Masarati schrieb:
Quanah Gibson-Mount wrote:
--On Tuesday, January 01, 2008 7:16 PM +0100 Thomas Kirchtag
<tkircht@ipodion.at> wrote:

syncrepl rid=667
access to attrs=userPassword
by dn="cn=admin,dc=int,dc=ipodion,dc=at" write
by anonymous auth
by self write
by * none
Seems clear to me.  It can't write it.  Note that the identity that can
write is:

by dn="cn=admin,dc=int,dc=ipodion,dc=at" write

but syncrepl is acting as:


According to the configuration files posted, the user "cn=admin,dc=ipodion,dc=at" is used as binddn by the consumer, but it is the rootdn on the producer, so it can read all values (the real, harmless error is that there's no point in authorizing access for the rootdn: it has unlimited access privileges). Local writes by syncrepl are performed with the local rootdn's identity, so there's no point in authorizing them either.

Right now, I don't seem to be able to find a reason for the incomplete
replication.  I note that no software version was mentioned, so unless
the latest is used, there might be already resolved issues.  After
checking with the configuration files you provided, I note that OpenLDAP
2.3.40 correctly replicates userPassword as well as all other attrs.


Ing. Pierangelo Masarati OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it

iPodion GmbH
Rotensterngasse 20/3
A-1020 Wien, Austria
Mobil: +43-660-216 32 98
Tel.:+43-1-216 32 98-0 mailto:office@iPodion.at
Fax: +43-1-216 32 98-28 http://www.iPodion.at
Achtung: Bitte beachten Sie meine neue Telefonnummer: 0660/2163298

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature