# ldap replication trouble



## kostya (Feb 8, 2011)

Hi all.

I came across a very interesting problem today. I configured LDAP replication via syncprov, but I can't replicate the userPassword attribute. I don't know why.

OS: FreeBSD 8.1 amd64
ldap 2.4.23

I added on the master server:

```
index entryCSN,entryUUID    eq
index uid eq
index objectclass eq

access to attrs=userPassword
    by dn="cn=replica,dc=doamin,dc=com" read
    by self         write
    by anonymous    auth
    by *          none

access to dn.subtree="dc=comain,dc=com"
    by dn="cn=replica,dc=domain,dc=com" read
    by * read
    by anonymous auth

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
```
On the slave server I added:

```
index    entryCSN eq
index    entryUUID eq
index uid eq
index objectClass eq

access to attrs=userPassword
    by dn="cn=replica,dc=domain,dc=com" write
    by self         write
    by anonymous    auth
    by *          none

access to dn.subtree="dc=domain,dc=com"
    by dn="cn=replica,dc=domain,dc=com" write
    by * read
    by anonymous auth

# replication
syncrepl rid=4
    provider=ldap://master.domain.com
    type=refreshOnly
    interval=00:00:01:00
    searchbase="dc=domain,dc=com"
    schemachecking=off
    bindmethod=simple
    binddn="cn=replica,dc=domain,dc=com"
    credentials=passphrase
    starttls=no
    schemachecking=on
```
Via `ldapsearch -LL -H ldap://master.doamin.com -x -D "cn=replica,dc=domain,dc=com" -w passphrase`
I can see userPassword, but the replica did not send userPassword to the slave server.

Can anyone help me?


----------



## SirDice (Feb 8, 2011)

There are various typos in the DN.


----------



## kostya (Feb 8, 2011)

The DN is fictitious in this example.
In the real configuration the DNs are the same.


----------



## kostya (Feb 9, 2011)

My problem was very simple. The password contains a dot symbol, and `credential=PASSW.ORD` or `credentials="PASSW.ORD"` do not allow a bind to the master server as the binddn directive.


----------
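An added example, not part of the thread: a small lint pass over the kind of `slapd.conf` fragment posted above, flagging the DN suffix typos SirDice pointed out, the repeated `schemachecking` option, and the simple bind sent over `ldap://` with `starttls=no`. The names `lint` and `suffix` are hypothetical, and `SAMPLE` is constructed by condensing the posted master and slave snippets.

```python
import re
from collections import Counter

# Constructed sample: condensed from the master/slave snippets posted in the thread.
SAMPLE = '''\
access to attrs=userPassword
    by dn="cn=replica,dc=doamin,dc=com" read
    by * none
access to dn.subtree="dc=comain,dc=com"
    by dn="cn=replica,dc=domain,dc=com" read
syncrepl rid=4
    provider=ldap://master.domain.com
    searchbase="dc=domain,dc=com"
    schemachecking=off
    bindmethod=simple
    binddn="cn=replica,dc=domain,dc=com"
    credentials=passphrase
    starttls=no
    schemachecking=on
'''

def suffix(dn):
    # Keep only the dc=... components, lower-cased, so suffixes can be compared.
    parts = [p.strip() for p in dn.lower().split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def lint(conf):
    findings = []
    # slapd.conf continuation lines start with whitespace; fold them into one line.
    logical = re.sub(r"\n[ \t]+", " ", conf).splitlines()
    sync = next((l for l in logical if l.startswith("syncrepl")), "")
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', sync)
    opts = {k.lower(): v.strip('"') for k, v in pairs}
    for key, n in Counter(k.lower() for k, _ in pairs).items():
        if n > 1:
            findings.append(f"duplicate syncrepl option: {key}")
    plain = opts.get("provider", "").startswith("ldap://")
    if plain and opts.get("bindmethod") == "simple" and opts.get("starttls", "no") == "no":
        findings.append("simple bind over ldap:// without StartTLS: credentials sent in clear")
    base = suffix(opts.get("searchbase", ""))
    for line in logical:
        if line.startswith("access to"):
            for dn in re.findall(r'dn(?:\.\w+)?="([^"]+)"', line):
                if base and suffix(dn) != base:
                    findings.append(f"DN outside searchbase suffix: {dn}")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```

The check compares only the `dc=` suffix of each ACL DN against the syncrepl `searchbase`; it does not test whether the bind itself succeeds.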

