[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: readonly means readonly no matter what?

Am Dienstag,  3. April 2001 09:04 schrieb Bob Tanner:
> Quoting Stephan Siano (stephan.siano@suse.de):
> > > What wins? :-)
> >
> > readonly on always wins. You won't even be able to replicate into that
> > database. BTW: your by * read ACL is never executed :-)
> Hmmm, this post is misleading then.
> http://www.openldap.org/lists/openldap-software/200006/msg00250.html
> It would seem that binding as rootdn allows you to write, but as anything
> else you get readonly access.
> IF readonly always wins, then how do you make a readonly replica?
> Turn readonly off and use ACLs to limit the writes?

Turn readonly off (this is the default anyway) and define a updatedn. The 
replica will accept change requests only from that dn and return a referral 
to updateref <url> for write attempts from anyone else. see the documentation 
for slapd.conf for details.

btw. I'm talkung about OpenLDAP 2.0.x, I don't know how OpenLDAP 1.x behaves 
in this context.

Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn