
Re: replication on 2.1.5



>>>>> "Frank.Swasey" == Frank Swasey <Frank.Swasey@uvm.edu> writes:

Frank.Swasey> ----- Original Message ----- From: "Allan E Johannesen"
Frank.Swasey> <aej@WPI.EDU>


>> The replication dn is in a group with write access to *.
>> 
>> Is that not good enough in 2.1.5?

Frank.Swasey> There's been quite a bit of chatter on the openldap-its (or was
Frank.Swasey> it -devel?)  list about there being problems with "groups on
Frank.Swasey> acls" -- I may be completely wrong, but since you said the
Frank.Swasey> replication dn was in a group, I thought it might apply.  Try
Frank.Swasey> putting the replication dn directly on the acl and see if that
Frank.Swasey> fixes it.

Thanks for the suggestion.  I've found it's not just replication, but the
master has these problems, too, i.e. it's just my misunderstanding of ACLs, I
guess, although they worked for me in 2.0...

I cut things down severely to experiment, but it still fails.  I'd appreciate
any advice...

Well, this is my slapd.conf, cut down:

rootdn		"cn=Manager,ou=Access,dc=wpi,dc=edu"

# no longer exists as of 2.1?
#defaultaccess	none

access		to attr=userpassword
		by group="cn=superusers, ou=access, dc=wpi, dc=edu" write
		by * auth

access		to *
		by dn="cn=Manager,ou=Access,dc=wpi,dc=edu" write

It still fails with:

/usr/local/bin/ldapmodify -h utility2.wpi.edu -ZZ -x -D cn=manager,ou=access,dc=wpi,dc=edu -W  < dmoss
Enter LDAP Password: 

adding new entry "wpiuuid=87ab3a5e15af4699288805c69e0e6b4d, ou=People, dc=WPI, dc=EDU"
ldapmodify: update failed: wpiuuid=87ab3a5e15af4699288805c69e0e6b4d, ou=People, dc=WPI, dc=EDU
ldap_add: Constraint violation (19)
	additional info: creatorsName: no user modification allowed