Re: slurp, master & slave issues

>> 2) add rules that allow "cn=Replicator,dc=example,dc=com" to write
>> anything, like
> I thought about this, but I actually had no rules in place to begin
> with while testing.  Does the lack of rules mean an implicit deny to
> everything from anyone except the rootdn or does the lack of rules
> imply permit to everything from anyone?

As stated in the default slapd.conf provided in the tarball:

    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn.  (e.g., "access to * by * read")
    # rootdn can always read and write EVERYTHING!

I just copied these lines verbatim in slapd.conf(5) and slapd.access(5).

>> # first rule ever: in case identity doesn't match "cn=Replicator,dc=example,dc=com",
>> # control is passed to following rules, without giving any access permissions.
>> access to *
>>    by dn.exact="cn=Replicator,dc=example,dc=com" write
>>    by * none break
>> # other access rules...

You may start with the above, and play with slapd.access(5) to work out
what you need.  Make sure you first read the related bits in the
Administrator's Guide.


Pierangelo Masarati
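
The rule quoted above, placed ahead of ordinary rules, as an added slapd.conf example that is not part of the original message. The userPassword rule and the closing read rule are assumptions chosen for illustration. Once any access directive is present, the access list ends with an implicit `access to * by * none`, so the read-everything default no longer applies unless it is written out.

```conf
# Added example: access rules for a replica that accepts updates from
# "cn=Replicator,dc=example,dc=com". Rules are evaluated in order; within
# a rule, the first matching "by" clause decides, and the default control
# is "stop".

# Rule 1 (from the message): the replicator identity may write anything.
# Every other identity matches "by * none break": no access is granted
# here, and "break" hands evaluation on to the rules below instead of
# stopping with a denial.
access to *
    by dn.exact="cn=Replicator,dc=example,dc=com" write
    by * none break

# Rule 2 (assumed for illustration): keep password values unreadable.
# "anonymous auth" lets a bind compare the password without reading it.
# No "break" here, so evaluation for userPassword ends in this rule.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Rule 3 (assumed for illustration): restate the no-ACL default explicitly.
# Without it, the implicit trailing "access to * by * none" would deny
# reads to everyone except the replicator and the rootdn.
access to *
    by * read
```

Rule 1 has to stay first: if a rule without `break` matches the target before it, evaluation stops there and the replicator never reaches its write grant.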

