On Mon, Jun 19, 2006 at 06:31:39PM +0100, Ade Fewings wrote:
> Dear all
>
> We are setting up an OpenLDAP 2.3.34 directory server structure and I
> have started using syncrepl to produce replica servers. Everything is
> going OK, except that userPassword's crypt'd using {MD5} rather than
> {crypt} do not find their way to the slave servers. The {crypt}
> passwords get there fine, however.
>
> Master slapd.conf bit:
> >#
> ># syncrepl setup
> >#
> >overlay syncprov
> >syncprov-checkpoint 100 10
> >syncprov-sessionlog 100
> >
> Slave slapd.conf bit:
> ># syncrepl setup
> >#
> >syncrepl rid=123
> >  provider=ldap://directory.a.com:389
> >  type=refreshAndPersist
> >  searchbase="dc=a,dc=com"
> >  scope=sub
> >  bindmethod=simple
> >  binddn="cn=syncuser,dc=a,dc=com"
> >  credentials=#######

Are you sure the binddn user can read all needed entries on the server? Like all userPassword attributes? I don't think the contents of userPassword play a role here, but the ACLs for that attribute most certainly do.

Also, make sure you remove the search limits (time and size) for this binddn user: you may be hitting this limit and thinking the issue is something else.
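
The two provider-side settings this reply points at, as an added example that is not part of the original thread: an ACL that lets the replication identity read userPassword, and a limits directive that lifts size and time limits for that identity only. Only the syncuser DN and the suffix come from the thread; the other `by` clauses are an assumed policy, and the site's existing ACLs are unknown.

```conf
# Provider (master) slapd.conf, inside the database section for dc=a,dc=com.
# Assumed policy; only the syncuser DN comes from the thread.

# slapd stops at the first matching "access to" clause, so this rule must
# come before any broader rule that also covers userPassword.
access to attrs=userPassword
    by dn.exact="cn=syncuser,dc=a,dc=com" read
    by self write
    by anonymous auth
    by * none

# The replication identity needs read access to everything else it replicates.
# The "by * read" line stands in for whatever the site's existing policy is.
access to *
    by dn.exact="cn=syncuser,dc=a,dc=com" read
    by * read

# Lift size and time limits for the replication identity only.
limits dn.exact="cn=syncuser,dc=a,dc=com"
    time.soft=unlimited time.hard=unlimited
    size.soft=unlimited size.hard=unlimited
```

To confirm what the consumer will actually receive, bind to the provider as the replication identity and request the attribute, for example `ldapsearch -x -H ldap://directory.a.com:389 -D "cn=syncuser,dc=a,dc=com" -W -b "dc=a,dc=com" userPassword`. Entries that come back without userPassword are being filtered by an ACL, and a result that stops short with a size or time limit error points at the limits.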