[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL question (fwd)

To: openldap-software@OpenLDAP.org
Subject: Re: ACL question (fwd)
From: Rick van Rein <rick@vanrein.org>
Date: Tue, 1 Oct 2002 17:37:30 +0200 (CEST)

Hi James Shvarts,

Before responding, let me say that I'm uncertain if updates fall under the
normal ACL regime.  I would have used another approach.

> i have a the following context: ou=origin,dc=myorg,dc=org which contains 
> users [...]

A context being a database/backend right?  So it has a line
	suffix "ou=origin,dc=myorg,dc=org"

> i also have a "replicator" account with the following dn: 
> cn=replicator,dc=myorg,dc=org (while my rootdn is: 
> cn=admin,dc=myorg,dc=org). the replicator account should be able to 
> manipulate users within ou=origin,dc=myorg,dc=org in any possible way 
> (insert,update,delete,search,etc).

What you would normally do is to make a similar backend on the slave, that
is, supporting the same suffix,
        suffix "ou=origin,dc=myorg,dc=org"

and you would set privileges for updates using
	updatedn "cn=replicator,dc=myorg,dc=org"
and probably also
	updateref "ldap://master.host.name/";


On the master, you would set
	replica host=slave.host.name
		binddn="cn=replicator,dc=myorg,dc=org"
		bindmethod=... credentials=...


As you can see, the ACL does not come in play.

> ldap_bind: Insufficient access (50).

You may not have setup the updatedn setting in the slave.


Good luck,
Rick van Rein

----- End of forwarded message from Rick van Rein -----

Prev by Date: Re: ACL question
Next by Date: Re: ACL question
Index(es):
- Chronological
- Thread