Re: multimaster configuration of openldap-2.0.25

>> If you're using access control lists, I've noted that the ACLs need to
>> allow the updatedn write access explicitly.  (no different than
>> single-master replication).  It's been suggested that updatedn is
>> treated specially, but that hasn't worked for me-- and I don't see the
>> special allowance for it in the code like I do for rootdn.
> It is treated differently (can modify some NO-USER-MODIFICATION
> attributes, and its changes are not propagated to slaves); however it
> is not treated in any special way with regard to ACLs (though it could be, to
> ease 99% of the administration needs).

On 2.0.23, I couldn't get ACLs to work at all as long as slapd had an
updatedn.  Turning that alone off allowed ACLs to work.  It's certainly
handled differently somehow.


John Madden
UNIX Systems Engineer
Ivy Tech State College
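
The quoted point that ACLs must grant the updatedn write access explicitly can be checked mechanically. The following is an added example, not part of the thread or of OpenLDAP: a small linter that reports, for each `access to` rule in a slapd.conf, whether it contains an explicit `by dn=<updatedn> write` clause. The sample configuration and its DNs are constructed, and the checker assumes a single database, compares the `dn=` value literally rather than as a regex, and looks only for the `write` level.

```python
import shlex

# Constructed sample replica slapd.conf (not from the thread).
SAMPLE = '''\
rootdn "cn=Manager,dc=example,dc=com"
updatedn "cn=replicator,dc=example,dc=com"
access to attr=userPassword
    by self write
    by * auth
access to *
    by dn="cn=replicator,dc=example,dc=com" write
    by * read
'''

def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        if raw[0].isspace() and out:
            out[-1] += ' ' + raw.strip()
        else:
            out.append(raw.strip())
    return out

def norm(dn):
    # Lower-case and remove whitespace around the commas between RDNs.
    return ','.join(part.strip() for part in dn.lower().split(','))

def updatedn_write_report(text):
    """Return (updatedn, [(what, explicit_write), ...]), one entry per access rule."""
    updatedn, rules = None, []
    for tok in map(shlex.split, logical_lines(text)):
        if tok[0].lower() == 'updatedn' and len(tok) > 1:
            updatedn = norm(tok[1])
        elif tok[:2] == ['access', 'to']:
            rules.append(tok[2:])
    report = []
    for r in rules:
        first_by = r.index('by') if 'by' in r else len(r)
        # Assumption: the dn= value is compared literally, not as a regex.
        grants = any(
            r[i] == 'by' and r[i + 1].lower().startswith('dn=')
            and norm(r[i + 1][3:]) == updatedn and r[i + 2] == 'write'
            for i in range(first_by, len(r) - 2))
        report.append((' '.join(r[:first_by]), grants))
    return updatedn, report
```

On the sample, the `attr=userPassword` rule is reported as lacking the grant: because it is listed before the catch-all rule, the updatedn falls through to `by * auth` for that attribute.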