Hi,
I redid the configuration from scratch, and I've created a new user (uid=lnadmin,ou=special users,dc=example,dc=com) and I gave him administrative rights.
This new user belongs to the chained area.
I did some tests with this account to modify user attributes, including the userPassword attribute, from the master server, and it works perfectly.
On the other hand, on the slave, modifying attributes other than userPassword works and the update is chained.
But modifying userPassword didn't work, and here are the results:
1) Modify givenname from the slave
ldapmodify -h localhost -p 389 -D "uid=lnadmin,ou=special users,dc=example,dc=com" -w pass -x <<EOF
dn: uid=user,ou=people,dc=example,dc=com
changetype: modify
replace: sn
sn: Jensen
> EOF
modifying entry "uid=adam,ou=people,dc=example,dc=com"
Result : the modification is done and chained to the master, but I get an error shown in the error log on the slave (see below in bold-red)
Log from the slave :
Access :
[25/Feb/2019:14:56:06.577269198 +0100] conn=54 fd=67 slot=67 connection from ::1 to ::1
[25/Feb/2019:14:56:06.577393763 +0100] conn=54 op=0 BIND dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:14:56:06.578398778 +0100] conn=54 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0001044129 dn="uid=lnadmin,ou=special users,dc=example,dc=com"
[25/Feb/2019:14:56:06.578704548 +0100] conn=54 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:14:56:06.677356989 +0100] conn=55 fd=68 slot=68 SSL connection from 192.168.40.101 to 192.168.40.102
[25/Feb/2019:14:56:06.684970522 +0100] conn=55 TLS1.2 256-bit AES-GCM
[25/Feb/2019:14:56:06.685359430 +0100] conn=55 op=0 BIND dn="cn=replication manager,cn=config" method=128 version=3
[25/Feb/2019:14:56:06.685504876 +0100] conn=55 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0008085105 dn="cn=replication manager,cn=config"
[25/Feb/2019:14:56:06.685951988 +0100] conn=55 op=1 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[25/Feb/2019:14:56:06.686522468 +0100] conn=55 op=1 RESULT err=0 tag=101 nentries=1 etime=0.0000641275
[25/Feb/2019:14:56:06.686921120 +0100] conn=55 op=2 SRCH base="" scope=0 filter="(objectClass=*)" attrs="supportedControl supportedExtension"
[25/Feb/2019:14:56:06.687436239 +0100] conn=55 op=2 RESULT err=0 tag=101 nentries=1 etime=0.0000630283
[25/Feb/2019:14:56:06.687958906 +0100] conn=55 op=3 EXT oid="2.16.840.1.113730.3.5.12" name="replication-multimaster-extop"
[25/Feb/2019:14:56:06.688118224 +0100] conn=55 op=3 RESULT err=0 tag=120 nentries=0 etime=0.0000245044
[25/Feb/2019:14:56:06.689082577 +0100] conn=55 op=4 MOD dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:14:56:06.695724845 +0100] conn=54 op=1 RESULT err=0 tag=103 nentries=0 etime=0.0117138489
[25/Feb/2019:14:56:06.696481191 +0100] conn=54 op=2 UNBIND
[25/Feb/2019:14:56:06.696496220 +0100] conn=54 op=2 fd=67 closed - U1
[25/Feb/2019:14:56:06.702453879 +0100] conn=55 op=4 RESULT err=0 tag=103 nentries=0 etime=0.0013403378 csn=5c73f3f6000000010000
[25/Feb/2019:14:56:06.834935702 +0100] conn=55 op=5 EXT oid="2.16.840.1.113730.3.5.5" name="replication-multimaster-extop"
[25/Feb/2019:14:56:06.844701440 +0100] conn=55 op=5 RESULT err=0 tag=120 nentries=0 etime=0.0010011286
Error :
[25/Feb/2019:14:56:06.659891340 +0100] - ERR - managed-entries-plugin - mep_mod_post_op - Unable to fetch postop entry.
[25/Feb/2019:14:56:06.680435055 +0100] - ERR - chaining database - chaining_back_modify - modify (uid=adam,ou=people,dc=example,dc=com): post betxn failed, error (-1)
2) Modify userPassword from the slave using clear text password
ldapmodify -h localhost -p 389 -D "uid=lnadmin,ou=special users,dc=example,dc=com" -w pass -x <<EOF
dn: uid=adam,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: password
EOF
modifying entry "uid=adam,ou=people,dc=example,dc=com"
ldap_modify: Constraint violation (19)
additional info: database configuration error - please contact the system administrator
Result : Error
Log from the slave :
Access :
[25/Feb/2019:15:00:05.454617576 +0100] conn=56 fd=67 slot=67 connection from ::1 to ::1
[25/Feb/2019:15:00:05.454793777 +0100] conn=56 op=0 BIND dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:15:00:05.455743631 +0100] conn=56 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0001039755 dn="uid=lnadmin,ou=special users,dc=example,dc=com"
[25/Feb/2019:15:00:05.456268843 +0100] conn=56 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:15:00:05.470513293 +0100] conn=56 op=1 RESULT err=19 tag=103 nentries=0 etime=0.0014585377
[25/Feb/2019:15:00:05.470685336 +0100] conn=56 op=2 UNBIND
[25/Feb/2019:15:00:05.470698929 +0100] conn=56 op=2 fd=67 closed - U1
Log from the master :
Access :
[25/Feb/2019:15:00:05.690740190 +0100] conn=11 op=5 BIND dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:15:00:05.690918353 +0100] conn=11 op=5 RESULT err=0 tag=97 nentries=0 etime=0.0000266930 dn="uid=lnadmin,ou=special users,dc=example,dc=com"
[25/Feb/2019:15:00:05.698224736 +0100] conn=30 fd=86 slot=86 SSL connection from 192.168.40.102 to 192.168.40.101
[25/Feb/2019:15:00:05.703258058 +0100] conn=30 TLS1.2 256-bit AES-GCM
[25/Feb/2019:15:00:05.703629324 +0100] conn=30 op=0 BIND dn="cn=replication manager,cn=config" method=128 version=3
[25/Feb/2019:15:00:05.703804399 +0100] conn=30 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0005535704 dn="cn=replication manager,cn=config"
[25/Feb/2019:15:00:05.705870103 +0100] conn=30 op=1 RESULT err=19 tag=103 nentries=0 etime=0.0001493925
[25/Feb/2019:15:00:05.705878415 +0100] conn=30 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com" authzid="uid=lnadmin,ou=special users,dc=example,dc=com", invalid password syntax
3) Modify userPassword from the slave using encrypted password
ldapmodify -h localhost -p 389 -D "uid=lnadmin,ou=special users,dc=example,dc=com" -w wolverine -x <<EOF
dn: uid=adam,ou=people,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}gvg6KehxZNYcLnLrAJrI0TzWpQzXH0oe
EOF
modifying entry "uid=adam,ou=people,dc=example,dc=com"
ldap_modify: Constraint violation (19)
additional info: invalid password syntax - passwords with storage scheme are not allowed
Result : Error
Log from the slave :
Access :
[25/Feb/2019:15:06:15.301550287 +0100] conn=60 fd=67 slot=67 connection from ::1 to ::1
[25/Feb/2019:15:06:15.301676473 +0100] conn=60 op=0 BIND dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:15:06:15.302595184 +0100] conn=60 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0000958183 dn="uid=lnadmin,ou=special users,dc=example,dc=com"
[25/Feb/2019:15:06:15.303150642 +0100] conn=60 op=1 RESULT err=19 tag=103 nentries=0 etime=0.0000360791
[25/Feb/2019:15:06:15.303157302 +0100] conn=60 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com", invalid password syntax
[25/Feb/2019:15:06:15.303264055 +0100] conn=60 op=2 UNBIND
[25/Feb/2019:15:06:15.303272482 +0100] conn=60 op=2 fd=67 closed - U1
4) Modify userPassword from the slave using ldappasswd
ldappasswd -D "uid=lnadmin,ou=special users,dc=example,dc=com" -W -p 389 -h idm02.example.com -x -ZZ -S "uid=adam,ou=people,dc=example,dc=com"
New password:
Re-enter new password:
Enter LDAP Password:
Result : echo $? returns 0 but the userPassword is not changed
ldapsearch -h 127.0.0.1 -D "uid=adam,ou=people,dc=example,dc=com" -b "ou=people,dc=example,dc=com" -x -w newpass
ldap_bind: Invalid credentials (49)
Log from the slave :
Access :
[25/Feb/2019:15:08:09.356356670 +0100] conn=61 fd=67 slot=67 connection from 192.168.40.102 to 192.168.40.102
[25/Feb/2019:15:08:09.356588390 +0100] conn=61 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="start_tls_plugin"
[25/Feb/2019:15:08:09.356724270 +0100] conn=61 op=0 RESULT err=0 tag=120 nentries=0 etime=0.0000286023
[25/Feb/2019:15:08:09.371819345 +0100] conn=61 TLS1.2 256-bit AES-GCM
[25/Feb/2019:15:08:13.222914479 +0100] conn=61 op=2 BIND dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:15:08:13.225541735 +0100] conn=61 op=2 RESULT err=0 tag=97 nentries=0 etime=0.0002835224 dn="uid=lnadmin,ou=special users,dc=example,dc=com"
[25/Feb/2019:15:08:13.225980566 +0100] conn=61 op=3 EXT oid="1.3.6.1.4.1.4203.1.11.1" name="passwd_modify_plugin"
[25/Feb/2019:15:08:13.235729939 +0100] conn=61 op=3 RESULT err=0 tag=120 nentries=0 etime=0.0009925134
[25/Feb/2019:15:08:13.236534952 +0100] conn=61 op=4 UNBIND
[25/Feb/2019:15:08:13.236573244 +0100] conn=61 op=4 fd=67 closed - U1
Log from the master:
Access :
[25/Feb/2019:15:08:45.318668395 +0100] conn=31 fd=87 slot=87 SSL connection from 192.168.40.102 to 192.168.40.101
[25/Feb/2019:15:08:45.323871405 +0100] conn=31 TLS1.2 256-bit AES-GCM
[25/Feb/2019:15:08:45.324437562 +0100] conn=31 op=0 BIND dn="uid=lnadmin,ou=special users,dc=example,dc=com" method=128 version=3
[25/Feb/2019:15:08:45.324636529 +0100] conn=31 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0005924433 dn="uid=lnadmin,ou=special users,dc=example,dc=com"
Regards.
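
Added example, not part of the original post: in the logs above, the RESULT line for a rejected MOD can be written before the MOD line itself (conn=60 on the slave, conn=30 on the master), so reading the access log top to bottom can pair the wrong lines. The sketch below pairs them by (conn, op) and lists the failed modifies with the proxied authzid and the trailing reason; the function name `failed_mods` is hypothetical, and it assumes connection numbers are unique within the input.

```python
import re

# Access-log lines taken from the post above (slave conn=54/56/60, master conn=30).
SAMPLE = """\
[25/Feb/2019:14:56:06.578704548 +0100] conn=54 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:14:56:06.695724845 +0100] conn=54 op=1 RESULT err=0 tag=103 nentries=0 etime=0.0117138489
[25/Feb/2019:15:00:05.456268843 +0100] conn=56 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com"
[25/Feb/2019:15:00:05.470513293 +0100] conn=56 op=1 RESULT err=19 tag=103 nentries=0 etime=0.0014585377
[25/Feb/2019:15:00:05.705870103 +0100] conn=30 op=1 RESULT err=19 tag=103 nentries=0 etime=0.0001493925
[25/Feb/2019:15:00:05.705878415 +0100] conn=30 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com" authzid="uid=lnadmin,ou=special users,dc=example,dc=com", invalid password syntax
[25/Feb/2019:15:06:15.303150642 +0100] conn=60 op=1 RESULT err=19 tag=103 nentries=0 etime=0.0000360791
[25/Feb/2019:15:06:15.303157302 +0100] conn=60 op=1 MOD dn="uid=adam,ou=people,dc=example,dc=com", invalid password syntax
"""

LINE = re.compile(r"^\[[^\]]+\] conn=(\d+) op=(\d+) (MOD|RESULT) (.*)$")


def failed_mods(log_text):
    """Pair each MOD with its RESULT by (conn, op) and return the failures."""
    ops = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # BIND, SRCH, EXT, UNBIND and connection lines
        conn, op, kind, rest = int(m[1]), int(m[2]), m[3], m[4]
        rec = ops.setdefault((conn, op), {"conn": conn, "op": op})
        if kind == "MOD":
            dn = re.search(r'dn="([^"]*)"', rest)
            authzid = re.search(r'authzid="([^"]*)"', rest)
            note = re.search(r'",\s*([^"]+)$', rest)  # text after the last quoted value
            rec["dn"] = dn.group(1) if dn else None
            rec["authzid"] = authzid.group(1) if authzid else None
            rec["note"] = note.group(1) if note else None
        else:
            rec["err"] = int(re.search(r"err=(\d+)", rest).group(1))
    # Keep only operations that are MODs (have a dn) and ended with an error.
    return sorted(
        (r for r in ops.values() if "dn" in r and r.get("err", 0) != 0),
        key=lambda r: (r["conn"], r["op"]),
    )


if __name__ == "__main__":
    for r in failed_mods(SAMPLE):
        print(r)
```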