OpenLDAP synchronisation problem

Hello everyone,

I have a small OpenLDAP synchronisation problem that I'll briefly lay out for you. (I've lost all my hair over it.)

So, I'm working on 2 Debian lenny machines with OpenLDAP server 2.4.11-1; nothing special so far.

I have one provider machine and the other is the customer, nothing more classic.

But when I do a refreshAndPersist sync, the customer doesn't pick up the userPassword attribute. Why?

I've made several different attempts while going through the forums on Google, and nothing works, except when I remove the following ACL on the provider:

access to dn.subtree="dc=truc,dc=fr" attrs=userPassword
    by dn="cn=admin,dc=truc,dc=fr" write
    by dn="uid=syncuser,ou=roles,dc=truc,dc=fr" read
    by self write
    by anonymous auth
    by * none

Can you shed some light on this? I'm stuck! :(

Here is the provider's config:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba3.schema

pidfile /var/run/slapd/slapd.pid

argsfile /var/run/slapd/slapd.args

loglevel 256

modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov

sizelimit 5000

tool-threads 1

backend hdb

database hdb

suffix "dc=truc,dc=fr"

rootdn "cn=admin,dc=truc,dc=fr"
rootpw debian

directory "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index objectClass,entryCSN,entryUUID eq
index uidNumber,gidNumber,memberUid eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index uniqueMember eq
index sambaSID eq
index sambaGroupType eq
index sambaSIDList eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

lastmod on
checkpoint 512 30

access to dn.subtree="dc=truc,dc=fr" attrs=userPassword
    by dn="cn=admin,dc=truc,dc=fr" write
    by dn="uid=syncuser,ou=roles,dc=truc,dc=fr" read
    by self write
    by anonymous auth
    by * none

access to dn.base="" by * read

access to *
    by dn="cn=admin,dc=truc,dc=fr" write
    by * read

overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100

Here is the customer's config:

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba3.schema

pidfile /var/run/slapd/slapd.pid

argsfile /var/run/slapd/slapd.args

loglevel 256

modulepath /usr/lib/ldap
moduleload back_hdb
moduleload syncprov

sizelimit 5000

tool-threads 1

backend hdb

database hdb

suffix "dc=truc,dc=fr"

rootdn "cn=admin,dc=truc,dc=fr"
rootpw debian

directory "/var/lib/ldap"

dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500

index objectclass,entryCSN,entryUUID eq
index uidNumber,gidNumber,memberUid eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index uniqueMember eq
index sambaSID eq
index sambaGroupType eq
index sambaSIDList eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq

lastmod on
checkpoint 512 30

access to dn.base="" by * read

access to *
    by dn="cn=admin,dc=truc,dc=fr" write
    by self write
    by * read

syncrepl rid=123
    provider=ldap://provider.truc.fr:389
    type=refreshAndPersist
    searchbase="dc=truc,dc=fr"
    scope=sub
    schemachecking=off
    bindmethod=simple
    binddn="uid=syncuser,ou=roles,dc=truc,dc=fr"
    credentials=sync
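A quick way to check what a given bind DN is granted under the provider's ACLs before touching the servers, as an added example that is not part of the original post: a small Python model of OpenLDAP's first-match evaluation (the first matching `access to` clause decides, then the first matching `by` clause, and no matching `by` denies). It only understands the constructs used in this post (`dn.base`, `dn.subtree`, `attrs=`, exact `dn=`, `self`, `anonymous`, `*`) and its DN normalisation is deliberately crude, so treat it as a sanity check, not as slapd.

```python
import re

def _norm(dn):
    """Lower-case a DN and drop spaces after commas (not full RFC 4514 normalisation)."""
    return re.sub(r",\s*", ",", dn.strip().strip('"')).lower()

def parse_acls(text):
    """Yield slapd.conf 'access to <what> by <who> <level>' clauses as (style, base, attrs, bys), in file order."""
    for chunk in re.split(r"^\s*access\s+to\s+", text, flags=re.M)[1:]:
        what, *bys = re.split(r"\s+by\s+", " ".join(chunk.split()))
        m = re.search(r'dn\.(base|subtree)="([^"]*)"', what)
        style, base = (m.group(1), _norm(m.group(2))) if m else ("*", "")
        m = re.search(r"attrs=(\S+)", what)
        attrs = {a.lower() for a in m.group(1).split(",")} if m else None
        yield style, base, attrs, [tuple(by.rsplit(None, 1)) for by in bys]

def _who_matches(who, bind_dn, tdn):
    """<who> forms used in the post: *, anonymous, self and dn="..." (exact match)."""
    if who in ("*", "anonymous"):
        return who == "*" or bind_dn is None
    m = re.fullmatch(r'dn(?:\.exact)?="([^"]*)"', who)
    if who != "self" and not m:
        raise ValueError("unsupported <who> clause: " + who)
    return bind_dn is not None and _norm(bind_dn) == (tdn if who == "self" else _norm(m.group(1)))

def access_level(acls, bind_dn, target_dn, attr=None):
    """Level granted to bind_dn (None = anonymous) on target_dn or one of its attributes: the first
    matching 'access to' decides, then the first matching 'by'; no matching 'by' denies (implicit 'by * none')."""
    tdn = _norm(target_dn)
    for style, base, attrs, bys in acls:
        in_scope = style == "*" or tdn == base or (style == "subtree" and tdn.endswith("," + base))
        if not in_scope or (attrs is not None and (attr is None or attr.lower() not in attrs)):
            continue
        return next((lvl for who, lvl in bys if _who_matches(who, bind_dn, tdn)), "none")
    return "none"

# The provider's userPassword, root-DSE and catch-all ACLs exactly as posted (straight quotes).
PROVIDER_ACLS = list(parse_acls('''
access to dn.subtree="dc=truc,dc=fr" attrs=userPassword
  by dn="cn=admin,dc=truc,dc=fr" write
  by dn="uid=syncuser,ou=roles,dc=truc,dc=fr" read
  by self write
  by anonymous auth
  by * none
access to dn.base="" by * read
access to *
  by dn="cn=admin,dc=truc,dc=fr" write
  by * read
'''))
SYNCUSER = "uid=syncuser,ou=roles,dc=truc,dc=fr"
```

Running `access_level(PROVIDER_ACLS, SYNCUSER, "<some entry under dc=truc,dc=fr>", "userPassword")` returns "read", while an anonymous bind only gets "auth", so the posted ACL does grant the replication DN read on userPassword when the consumer really binds as that exact DN.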