[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multimaster configuration of openldap-2.0.25

To: <masarati@aero.polimi.it>
Subject: Re: multimaster configuration of openldap-2.0.25
From: "John Madden" <jmadden@ivytech.edu>
Date: Fri, 30 Aug 2002 14:48:59 -0500 (EST)
Cc: <asparks@doublesparks.net>, <Olle.Westman@astrazeneca.com>, <hyc@symas.com>, <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <courier.3D6FE46E.00002BBC@mailsrv.aero.polimi.it>
References: <9F028CC77827D611ACEE0002A5F12F075022AB@semldsntmsx208.seml.astrazeneca.net> <2804.192.168.2.6.1030733222.squirrel@www.doublesparks.net> <courier.3D6FE46E.00002BBC@mailsrv.aero.polimi.it>

>> If you're using access control lists, I've noted that the ACLs need to
>> allow the updatedn write access explicitly.  (no different than
>> single-master replication).  It's been suggested that updatedn is
>> treated specially, but that hasn't worked for me-- and I don't see the
>> special allowance for it in the code like I do for rootdn.
>
> It is treated differently (can modify some NO-USER-MODIFICATION
> attributes, and its changes are not propagated to slaves); however it
> is not treated any specially with regard to ACLs (though it could, to
> ease 99% of the administration needs).

On 2.0.23, I couldn't get ACL's to work at all as long as slapd had an
updatedn.  Turning that alone off allowed ACL's to work.  It's certainly
handled differently somehow.

John






-- 
John Madden
UNIX Systems Engineer
Ivy Tech State College
jmadden@ivytech.edu

References:
- RE: multimaster configuration of openldap-2.0.25
  - From: Olle.Westman@astrazeneca.com
- RE: multimaster configuration of openldap-2.0.25
  - From: "Alan Sparks" <asparks@doublesparks.net>
- Re: multimaster configuration of openldap-2.0.25
  - From: "Pierangelo Masarati" <masarati@aero.polimi.it>

Prev by Date: RE: database ldbm problem
Next by Date: Re: ldapmodify
Index(es):
- Chronological
- Thread