[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl and structuralObjectClass operational attribute

Le 22/03/2012 21:24, Marvin Mundry a écrit :
Mar 22 17:51:20 ldapz2 slapd[24456]: entry failed schema check: no
structuralObjectClass operational attribute
could it be related to the fact that the binddn account cannot read all
attributes from the master ?
sounds like the replication user is not allowed to read the
structuralObjectClass attribute of the object that's userPassword gets

on the provider try:
ldapsearch -D cn=replicationuser,[...] -w replicationuser-password -b
[...]dc=domain,dc=com cn=user-with-changed-password +

by appending the + symbol you request all structural attributes. if
structuralObjectClass is not returned try adapting your acls.


OK, I tried to search for operational attribute with the replica binddn from the replica to the master:

ldapsearch -x uid=test -H ldap://master.it-sudparis.eu -D cn=replic,ou=System,dc=int-evry,dc=fr -W userpassword cn +
result is
# test, People, int-evry.fr
dn: uid=test,ou=People,dc=int-evry,dc=fr
createTimestamp: 20080910055004Z
cn: Jehan TEST
modifyTimestamp: 20120322172339Z

so I did get some operational attributes, but apparently not all !
what kind of ACL do I need to set to allow all operational attributes to that binddn ?