
Re: slurp, master & slave issues



>> 2) add rules that allow "cn=Replicator,dc=example,dc=com" to write
>> anything, like
>
> I thought about this, but I actually had no rules in place to begin
> with while testing.  Does the lack of rules mean an implicit deny to
> everything from anyone except the rootdn or does the lack of rules
> imply permit to everything from anyone?

As stated in the default slapd.conf provided in the tar ball:

quote:
    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn.  (e.g., "access to * by * read")
    #
    # rootdn can always read and write EVERYTHING!

I just copied these lines verbatim into slapd.conf(5) and slapd.access(5).

>
>> # first rule ever: in case identity doesn't match
>> # "cn=Replicator,dc=example,dc=com", control is passed to following
>> # rules, without giving any access permissions.
>> access to *
>>    by dn.exact="cn=Replicator,dc=example,dc=com" write
>>    by * none break
>>
>> # other access rules...
>>


You may start with the above, and play with slapd.access(5) to work out
what you need.  Make sure you first read the related bits in the
Administrator's Guide.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
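
The default policy and the effect of "break" discussed in this message, as an added example that is not part of the original post and is not slapd's own code. It is a simplified model in which every rule is "access to *" and only the "stop" and "break" controls exist; the rootdn and the uid=alice identity are assumed sample values.

```python
# Simplified model of slapd.access(5) evaluation, for illustration only.
# Each access clause is a list of (who, level, control) tuples and stands
# for one "access to * by <who> <level> [<control>]" rule.

REPLICATOR = "cn=Replicator,dc=example,dc=com"
ROOTDN = "cn=Manager,dc=example,dc=com"         # assumed sample rootdn
ALICE = "uid=alice,ou=People,dc=example,dc=com"  # assumed sample user
ANONYMOUS = ""


def effective_access(acl, rootdn, who):
    """Return the access level `who` ends up with under this model."""
    if who == rootdn:
        return "write"       # rootdn can always read and write everything
    if not acl:
        return "read"        # no rules at all: "access to * by * read"
    for clause in acl:
        for pattern, level, control in clause:
            if pattern not in ("*", who):
                continue     # this "by" clause does not match the identity
            if control == "break":
                break        # hand over to the next access clause
            return level     # default control is "stop"
        else:
            return "none"    # implicit "by * none" closing each clause
    return "none"            # implicit final "access to * by * none"


# The rule from the message, followed by one sample "other" rule.
WITH_BREAK = [
    [(REPLICATOR, "write", "stop"), ("*", "none", "break")],
    [("*", "read", "stop")],
]

# Same rules without "break": the first clause ends evaluation for
# everybody, so the second clause is never consulted.
WITHOUT_BREAK = [
    [(REPLICATOR, "write", "stop"), ("*", "none", "stop")],
    [("*", "read", "stop")],
]

if __name__ == "__main__":
    for name, acl in (("no rules", []), ("with break", WITH_BREAK),
                      ("without break", WITHOUT_BREAK)):
        for who in (REPLICATOR, ALICE, ANONYMOUS):
            print(f"{name:14} {who or '(anonymous)':45} "
                  f"{effective_access(acl, ROOTDN, who)}")
```

With no rules at all the replicator identity only gets read access, which is why the explicit write rule is needed on the server it updates.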