
Re: syncrepl 'access to' constraints



On Wednesday 24 September 2008 11:56:27 Maurizio Lo Bosco wrote:
> Hi All,
> I'm using openldap 2.3.30 on debian etch (-5+etch1) with syncrepl.
> I have configured the write access to a single attribute for a user, I'm
> able to change the attribute with such user but the replace is not
> propagated to the consumers. If I change the same attribute with a user
> with more access rights the syncrepl is working fine.

You need to provide more information here. What I understand from the above 
should not cause any problems.

> I think that some access rules are missing for the user, something like
> contextCSN in the user dn.

The only requirement is that the DN that is used as the binddn in the syncrepl 
statement on the consumer must have read access to all the attributes that are 
required to be replicated to the consumer, plus the entryCSN/entryUUID on all 
the entries that must be replicated, plus the contextCSN on the basedn. 
Additionally, the DN must have a sufficiently large "quota" (time/size limits) 
to retrieve the entire contents that match the filter used in the consumer 
configuration.

Since you haven't provided any configuration details, it is impossible to 
comment on whether your configuration satisfies these requirements.

Regards,
Buchan
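
A way to check the read requirements listed in the reply, as an added example that is not part of the original message: it compares LDIF from the same subtree search run as a privileged DN and as the consumer's binddn (both requesting `*` and `+`) and lists what the binddn cannot see. The DNs, values and function names are constructed for illustration.

```python
# Constructed sample data: the same search run as a privileged DN and as the
# syncrepl binddn (both requesting '*' and '+'). All values are made up.
REFERENCE = """\
dn: dc=example,dc=com
dc: example
entryUUID: 11111111-1111-1111-1111-111111111111
entryCSN: 20080924095627Z#000000#00#000000
contextCSN: 20080924095627Z#000001#00#000000

dn: uid=alice,dc=example,dc=com
uid: alice
mail: alice@example.com
entryUUID: 22222222-2222-2222-2222-222222222222
entryCSN: 20080924095627Z#000001#00#000000
"""
# What the binddn saw: no contextCSN on the suffix, no mail on alice.
BINDDN_VIEW = "\n".join(l for l in REFERENCE.splitlines()
                        if not l.startswith(("contextCSN", "mail")))

def parse_ldif(text):
    """Map each DN to the set of attribute names present (both lowercased)."""
    entries, dn = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        name, sep, value = line.partition(":")
        if not line.strip():
            dn = None                                   # blank line ends an entry
        elif line.startswith("#") or not sep:
            continue
        elif name.lower() == "dn":                      # assumes plain "dn:", not base64
            dn = value.strip().lower()
            entries[dn] = set()
        elif dn is not None:
            entries[dn].add(name.split(";")[0].lower()) # drop ;options such as ;binary
    return entries

def audit(reference, binddn_view, base_dn):
    """Return (dn, problem) pairs for everything the binddn cannot read."""
    findings = []
    for dn, attrs in sorted(reference.items()):
        seen = binddn_view.get(dn)
        if seen is None:
            findings.append((dn, "entry not visible"))
            continue
        required = attrs | {"entrycsn", "entryuuid"}    # needed on every replicated entry
        if dn == base_dn.lower():
            required |= {"contextcsn"}                  # needed on the basedn only
        findings.extend((dn, a) for a in sorted(required - seen))
    return findings
```

An empty result from `audit` means the binddn sees everything the privileged search did; a view that is cut short at the same entry count on every run points at the size/time limits rather than the ACLs.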