
Re: updateref ignored?




On Monday, August 5, 2002, at 01:42 PM, Kurt D. Zeilenga wrote:

It's generally not wise to set the updatedn and the
rootdn to the same value.  Otherwise, changes made
at the slave won't be referred to the master.

OK. Makes sense. Fixed this on the slave and this seems to work OK. But I still have a problem w/the master and I expect it's because I'm trying to set permissions for a "Replicator" user in context of multiple databases.


Here's what I've done on the slave:

----

#######################################################################
# ldbm database definition
#######################################################################

# Example School District A DB
database ldbm
suffix "dc=distA,dc=schoolaccess,dc=net"
rootdn "cn=Manager,dc=distA,dc=schoolaccess,dc=net"
#updatedn "cn=Replicator,dc=distA,dc=schoolaccess,dc=net"
#updateref "ldap://209.165.147.136:389";
rootpw secret
directory /var/lib/ldap/distA
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial


access to dn=".*,dc=schoolaccess,dc=net"
        by dn="cn=Replicator,dc=distA,dc=schoolaccess,dc=net" write
        by * read

----

Then I simply added the Replicator user to the database and all seems well. I can now add additional users as "Replicator". However, when I apply the same formula to the master slapd server I find I don't have the necessary access to add any new user using the Replicator account. Here's the relevant portion of the config file from the master slapd server:

----

#######################################################################
# ldbm database definitions
#######################################################################

# Example School District A DB
database ldbm
suffix "dc=distA,dc=schoolaccess,dc=net"
rootdn "cn=Manager,dc=distA,dc=schoolaccess,dc=net"
rootpw secret
directory /var/lib/ldap/distA
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial


# Example School District B DB
database ldbm
suffix "dc=distB,dc=schoolaccess,dc=net"
rootdn "cn=Manager,dc=distB,dc=schoolaccess,dc=net"
rootpw secret
directory /var/lib/ldap/distB
index objectClass,uid,uidNumber,gidNumber,memberUid eq
index cn,mail,surname,givenname eq,subinitial


access to dn=".*,dc=schoolaccess,dc=net"
        by dn="cn=Replicator,dc=distA,dc=schoolaccess,dc=net" write
        by * read

----

When I try to add a user w/the 2nd database I run into a permissions error:


ldap_add: Insufficient access additional info: no write access to parent


So I have a couple of questions here. First, what do I need to do to make this work in the context of multiple databases? Second, is there any way for me to write this statement so that I don't have to modify it as I add new databases? (Their suffix is always similar: dc=dist<something>,dc=schoolaccess,dc=net.)


Any help w/this is appreciated. I've just read through all the documentation of permissions that I can find, but still am perplexed by how to deal w/this situation.


Thanks!


//glw
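The second question above asks for one "access to" pattern that covers every dc=dist<something>,dc=schoolaccess,dc=net suffix. The script below is an added example, not code from the post or from OpenLDAP: it is a deliberately small model of how an "access to <dn regex> by <who> <level>" list is evaluated (first matching "to" clause wins, first matching "by" clause inside it decides), used to check a candidate pattern and the Replicator DN from the post against the parent entries an add would need write access to. The distC and dc=other DNs, the pattern itself, and the treatment of unmatched entries as "none" are all constructed assumptions for the check.

```python
import re

# Simplified ACL model (added example, not OpenLDAP's own evaluation code):
# DN patterns are anchored regexes matched case-insensitively; the first
# "access to" clause matching the entry wins and its first matching "by"
# clause decides. Nothing else of slapd (bind state, attrs, defaults) is
# modelled, and unmatched entries are treated as "none" by assumption.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def acl(target_regex, *by_clauses):
    """by_clauses are (who, level); who is '*' or an anchored DN regex."""
    return (re.compile(target_regex, re.I), by_clauses)

# Constructed ACL list: one clause for every dc=dist<something> suffix,
# then a catch-all that only grants read. The replicator DN is the post's.
REPLICATOR = "cn=Replicator,dc=distA,dc=schoolaccess,dc=net"
ACLS = [
    acl(r"^(.+,)?dc=dist[^,]+,dc=schoolaccess,dc=net$",
        (re.escape(REPLICATOR), "write"), ("*", "read")),
    acl(r"^.*$", ("*", "read")),
]

def access_level(acls, target_dn, requester_dn):
    """Level the first matching clause grants requester_dn on target_dn."""
    for target_re, by_clauses in acls:
        if not target_re.match(target_dn):
            continue
        for who, level in by_clauses:
            if who == "*" or re.fullmatch(who, requester_dn, re.I):
                return level
        return "none"   # entry matched but no 'by' clause matched
    return "none"       # no clause matched at all (assumed deny)

def can_add(acls, new_dn, requester_dn):
    """An add needs write on the parent entry, which is what the post's
    'no write access to parent' error is about. The parent is the DN minus
    its first RDN (naive split; escaped commas are not handled here)."""
    parent = new_dn.split(",", 1)[1]
    granted = access_level(acls, parent, requester_dn)
    return LEVELS.index(granted) >= LEVELS.index("write")

if __name__ == "__main__":
    for dn in ["uid=alice,dc=distA,dc=schoolaccess,dc=net",
               "uid=bob,dc=distB,dc=schoolaccess,dc=net",
               "uid=carol,ou=staff,dc=distC,dc=schoolaccess,dc=net",
               "uid=dave,dc=other,dc=net"]:
        print(dn, "->", "add allowed" if can_add(ACLS, dn, REPLICATOR)
              else "add denied")
```

The same check can be rerun for any new district suffix before the pattern is put into slapd.conf, so the ACL file does not need editing per database.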