
Re: (ITS#8926) glue records + syncrepl



> On 11 Oct 2018 at 18:32, Howard Chu <hyc@symas.com> wrote:
>
> goudal@bordeaux-inp.fr wrote:
>> Full_Name: Frédéric Goudal
>>
>> Solution
>>   - remove by hand the dn: uid=foo,ou=bar,dc=my,dc=domain, that removes the
>>     glue object
>>   - create by hand the ou=bar,dc=my,dc=domain
>>
>> What IMHO slapd should do:
>> - either check that it does not add an object before its parent objects
>
> No. This behavior is already documented in the Syncrepl specification.
>
>> - or convert the glue object to the correct object when the real creation is
>> needed.
>
> The slapd consumer already does this when running on a local database. It would
> require Manage privileges when running through back-ldap. Check your
> back-ldap configuration.

Well… I’ve read the documentation on my setup 5 times, never seen the manage privilege mentioned anywhere…
Even in the example given for the backend configuration the ACLs don’t mention this "manage" privilege:

From page: https://www.openldap.org/doc/admin24/replication.html#Syncrepl

       # Give the replica DN unlimited read access.  This ACL may need to be
       # merged with other ACL statements.

       access to *
            by dn.base="cn=replicator,dc=suretecsystems,dc=com" write
            by * break

       access to dn.base=""
            by * read

       access to dn.base="cn=Subschema"
            by * read

       access to dn.subtree="cn=Monitor"
            by dn.exact="uid=admin,dc=suretecsystems,dc=com" write
            by users read
            by * none

       access to *
            by self write
            by * read


Well… I can accept it’s a documentation bug… but where is the correct documentation?


f.g.