Re: slurp, master & slave issues
On 28-Oct-04, at 11:56 AM, Pierangelo Masarati wrote:
2) add rules that allow "cn=Replicator,dc=example,dc=com" to write
I thought about this, but I actually had no rules in place to begin
with while testing. Does the lack of rules mean an implicit deny to
everything from anyone except the rootdn or does the lack of rules
imply permit to everything from anyone?
As stated in the default slapd.conf provided in the tar ball:
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# rootdn can always read and write EVERYTHING!
I just copied these lines verbatim in slapd.conf(5) and
Ok, I feel stupid.
# first rule ever: in case identity doesn't match
# control is passed to following rules, without giving any access
access to *
        by dn.exact="cn=Replicator,dc=example,dc=com" write
        by * none break
# other access rules...
You may start with the above, and play with slapd.access(5) to work out
what you need. Make sure you first read the related bits in the
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax:
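
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of the evaluation order discussed above, showing the default policy with no rules, the first rule with "break", and the same rule without it. The rootdn value, the ALICE user and the OTHERS rule (standing in for "other access rules...") are assumptions made for the illustration.

```python
# Simplified model of slapd ACL evaluation; not OpenLDAP code.
# Covers only "access to *", dn.exact or "*" who clauses, and stop/break.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # subset
ROOTDN = "cn=Manager,dc=example,dc=com"              # assumed rootdn
REPLICATOR = "cn=Replicator,dc=example,dc=com"       # DN from the post
ALICE = "uid=alice,ou=people,dc=example,dc=com"      # constructed user

def evaluate(acl, who):
    """Return the access level `who` gets on any entry under `acl`.

    acl: list of directives; each directive is a list of
    (who_pattern, level, control) with control "stop" or "break".
    """
    if who == ROOTDN:
        return "write"   # rootdn is never subject to access rules
    if not acl:
        return "read"    # no directives at all: "access to * by * read"
    for directive in acl:
        # every directive ends with an implicit "by * none" (stop)
        for pattern, level, control in directive + [("*", "none", "stop")]:
            if pattern not in ("*", who):
                continue
            if control == "stop":
                return level
            break        # "break": fall through to the next directive
    return "none"        # past the last directive: implicit deny

def allows(acl, who, wanted):
    return LEVELS.index(evaluate(acl, who)) >= LEVELS.index(wanted)

# The rule from the post, then a stand-in for "other access rules..."
FIRST = [(REPLICATOR, "write", "stop"), ("*", "none", "break")]
OTHERS = [("*", "read", "stop")]
# Same first rule with the "break" left off
FIRST_NO_BREAK = [(REPLICATOR, "write", "stop"), ("*", "none", "stop")]

if __name__ == "__main__":
    for name, acl in [("no rules", []), ("with break", [FIRST, OTHERS]),
                      ("without break", [FIRST_NO_BREAK, OTHERS])]:
        for who in (ROOTDN, REPLICATOR, ALICE):
            print(f"{name:14} {who:40} -> {evaluate(acl, who)}")
```

With no rules the replicator DN only gets read, so replicated updates bound as that DN are refused; without "break" on the first rule, every other identity stops there with no access.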