Re: authzTo for user not copied by syncrepl - problem

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Saturday, March 31, 2007 10:21 PM +0100 tomasz <tomaszd@paraklet.net> 
wrote:

> Quanah Gibson-Mount wrote:
> > --On Friday, March 30, 2007 8:26 PM +0100 tomasz <tomaszd@paraklet.net>
> > wrote:
> >
> > > Pierangelo Masarati wrote:
> > > > tomasz wrote:
> > > > > hi,
> > > > > my problem about it is
> > > > > slave server is not copied attr authzTo from master server
> > > >
> > > > You should explicitly request their replication ...
> > > >
> > > > >         attrs="*"
> > > >
> > > > ... by setting the "attrs" option in "syncrepl" to
> > > >
> > > >     attrs="*,authzFrom,authzTo"
> > >
> > > > Ing. Pierangelo Masarati
> > > > OpenLDAP Core Team
> > > cheers
> > > i will try that at Monday
> > >
> > > thank you
> > >
> > > i thought '*' included everything....
> > > looks like misreading to me...
> > > is it clear in docs?
> >
> > Why are you even setting attrs?  Do you want to *not* copy operational
> > attributes?  Usually you need to do this for things to work right,
> > period. Note that the default for attrs if it is not specified is "*,+",
> > which is all attributes plus all operational attributes.  There is
> > almost never a reason to not just use the default, and plenty of reasons
> > to use it.
> >
> > --Quanah
> thats nice and fine ... but doesnt work...
> i've tried without set up attr for syncrep tried with attrs="*,+";
> attrs="*,authzFrom,authzTo"

How do you know it isn't working?  I.e., have you specifically done an 
ldapsearch on the object requesting the operational attributes?  Or are you 
just doing a normal ldapsearch? or something else?

And if all you need is the default, there's no need to actually specify the 
attrs line.  Helps keep you from making mistakes. ;)

--Quanah

--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html