[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: quick question about a slave openldap server

To: Andreas Hasenack <andreas@conectiva.com.br>
Subject: Re: quick question about a slave openldap server
From: Turbo Fredriksson <turbo@bayour.com>
Date: 27 Mar 2002 13:42:07 +0100
Cc: openldap-software@OpenLDAP.org
In-reply-to: <20020326140432.GB15877@conectiva.com.br>
Organization: LDAP/Kerberos expert wannabe
References: <20020326140432.GB15877@conectiva.com.br>
User-agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

>>>>> "Andreas" == Andreas Hasenack <andreas@conectiva.com.br> writes:

    Andreas> A slave server has to be read-only, right?

It doesn't _HAVE_ to be, but it _SHOULD_ be (security reasons).

    Andreas> Who are the
    Andreas> ones that can nevertheless write to it? rootdn and
    Andreas> updatedn?

UpdateDN (only!)

    Andreas> If I create a new user for the replication and give this
    Andreas> user write access to the database via ACLs, will it be
    Andreas> able to write to the database even with it being a slave
    Andreas> server?

I don't know if the bug have been fixed, but in the earlier 2.0 series,
it was not possible to make the replica read-only. I therefor have my
slave read-write.

The problem with having a read-write'able slave is that if any modification
on it is done manually (ie, not via the replication process) that change
will exist ONLY (!!) on the slave.. Not quite intended, right?

If you have the slave read-only, NO modification is possible, only the
replication daemon can write to it...

Follow-Ups:
- Re: quick question about a slave openldap server
  - From: Andreas Hasenack <andreas@conectiva.com.br>

References:
- quick question about a slave openldap server
  - From: Andreas Hasenack <andreas@conectiva.com.br>

Prev by Date: Re: LDAP is working - how to logon and whats sasldb ???
Next by Date: Re: OpenLDAP gurus: Problem between 1.2.x client side and 2.0.21-1 slapd?
Index(es):
- Chronological
- Thread