[Date Prev][Date Next]
Re: slurp, master & slave issues
>> 2) add rules that allow "cn=Replicator,dc=example,dc=com" to write
>> anything, like
> I thought about this, but I actually had no rules in place to begin
> with while testing. Does the lack of rules mean an implicit deny to
> everything from anyone except the rootdn or does the lack of rules
> imply permit to everything from anyone?
As stated in the default slapd.conf provided in the tar ball:
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
# rootdn can always read and write EVERYTHING!
I just copied these lines verbatim in slapd.conf(5) and slapd.access(5).
>> # first rule ever: in case identity doesn't match
>> # control is passed to following rules, without giving any access
>> access to *
>> by dn.exact="cn=Replicator,dc=example,dc=com" write
>> by * none break
>> # other access rules...
You may start with the above, and play with slapd.access(5) to work out
what you need. Make sure you first read the related bits in the
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497