
RE: Getting Replication to work



Ah HA, I was wondering why that wasn't being evaluated. Thank you for the
heads up; this might actually help in our production LDAP server as well.

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@stanford.edu] 
Sent: Thursday, August 04, 2005 1:04 PM
To: West, Jonathan (NIH/NIMH); openldap-software@OpenLDAP.org
Subject: Re: Getting Replication to work



--On Wednesday, August 03, 2005 2:20 PM -0400 Jon West 
<westjo@mail.nih.gov> wrote:

> Hi, I am currently trying to follow all the online information I have
> found but cannot get replication to work. The Master server is creating
> replication log files correctly but the slave is not making any changes
> whatsoever and I don't know what I'm doing wrong.
>
> Master slapd.conf

> access to attrs=userPassword
> 	by dn="cn=manager,dc=fmrif,dc=nimh,dc=nih,dc=gov" write
> 	by self write
> 	by anonymous auth
> 	by * none
> access to *
>         by self write
>         by * read
>#       by anonymous auth
>         by dn="cn=manager,dc=fmrif,dc=nimh,dc=nih,dc=gov"

The above line is missing a type of auth?  Anyhow, it will never get 
evaluated, because ACL parsing stops at the first applicable line, which in 
this case is "by * read".  If you want manager to do anything different, it 
must come *before* "by * read".





> --------------------------------------
>
> Slave slapd.conf


> access to attrs=userPassword
> 	by dn="uid=Replicator,ou=People,dc=fmrif,dc=nimh,dc=nih,dc=gov" write
> 	by self write
> 	by anonymous auth
> 	by * none
> access to *
>         by self write
>         by * read
> 	by * write
>#       by anonymous auth
>#	by dn="cn=manager,dc=fmrif,dc=nimh,dc=nih,dc=gov"
> 	by dn="uid=Replicator,ou=People,dc=fmrif,dc=nimh,dc=nih,dc=gov" write


The Replicator write line will never be evaluated, because "by * read" will 
be the first matching ACL.  If you want it to have write privileges, it 
needs to be moved above this line.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin
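
The first-match behaviour described in the reply, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model of how the `by` clauses of one `access to` directive are evaluated, run over the slave's `access to *` block as posted and over a reordered version. It assumes the default `stop` control and handles only the who-forms used in the thread (`*`, `self`, `anonymous`, `dn="..."`); all function names are hypothetical.

```python
import re

BY_RE = re.compile(r'\bby\s+(dn="[^"]*"|\S+)\s+(\w+)')
REPLICATOR = "uid=Replicator,ou=People,dc=fmrif,dc=nimh,dc=nih,dc=gov"

# Slave "access to *" block as posted in the thread.
SLAVE_ACL = f'''access to *
        by self write
        by * read
        by * write
#       by anonymous auth
#       by dn="cn=manager,dc=fmrif,dc=nimh,dc=nih,dc=gov"
        by dn="{REPLICATOR}" write
'''
# Reordered as the reply advises: the Replicator clause precedes "by * read".
FIXED_ACL = f'''access to *
        by dn="{REPLICATOR}" write
        by self write
        by * read
'''

def parse_by_clauses(acl_text):
    """Return [(who, level), ...] in file order, ignoring '#' comment lines."""
    live = [l for l in acl_text.splitlines() if not l.lstrip().startswith("#")]
    return BY_RE.findall(" ".join(live))

def norm(dn):
    """Simplified DN normalisation: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(who, requester, target):
    """requester is the bound DN (None = anonymous); target is the entry DN."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "self":
        return norm(requester) == norm(target)
    return who.startswith('dn="') and norm(who[4:-1]) == norm(requester)

def effective_access(clauses, requester, target):
    """First matching clause wins; no match means the implicit 'by * none'."""
    for who, level in clauses:
        if matches(who, requester, target):
            return level
    return "none"

def dead_clauses(clauses):
    """Clauses after the first 'by *' can never be reached."""
    whos = [who for who, _ in clauses]
    return clauses[whos.index("*") + 1:] if "*" in whos else []
```

Running `dead_clauses` over each `access to` block of a slapd.conf is a quick way to spot grants, or intended restrictions, that are shadowed by an earlier `by *`.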