When I add a user to one of my test OpenLDAP systems (2.4.9), some, but
not all, of that user's attributes are propagated.
The big obvious one is userPassword. When I play around with the
settings I have been able to figure out that the only attributes being
migrated are ones which are visible to anon binds. This doesn't make
any sense to me. When I do an ldapsearch as the user I set up for
syncrepl I can see everything in the user's LDIF as well as in
cn=accesslog.
The sync user can see the attributes, and I haven't limited what
syncrepl will pull down... Any guesses as to what I have overlooked?
Pat
-----------------------------
syncprov-checkpoint 100 10
syncprov-sessionlog 200
syncprov-nopresent TRUE
syncprov-reloadhint TRUE
# <snip>
serverID 2
syncrepl rid=1
provider=ldaps://testldap1.iwu.edu/
searchbase="dc=testldap,dc=iwu,dc=edu"
scope=sub
type=refreshAndPersist
interval=00:00:00:30
retry="15 +"
timeout=1
bindmethod=simple
# starttls=critical
tls_cert=/etc/ldap/ssl/testldap.iwu.edu.crt
tls_key=/etc/ldap/ssl/testldap_privkey.key
tls_cacert=/etc/ldap/ssl/IWU.crt
tls_reqcert=demand
tls_crlcheck=none
binddn="cn=syncrepl,dc=testldap,dc=iwu,dc=edu"
credentials=please
schemachecking=off
syncdata=accesslog
logbase="cn=accesslog"
logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
mirrormode on