[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replica Problem ... permission ?



I believe that "updatedn" is per "database" directive. So if you have one
"database" specification, you use one updatedn on your slave; two
"database" directives, two updatedns, and so on.

If you want to specify additional DNs with write access:

(a) those DNs should be writing to your master, not your slave.
(b) you can use ACLs to grant those DNs access, again on the master, not
the slave.


And the point of my message was to get you to add a
"cn=Replicator,dc=linux,dc=com" so you DON'T need to replicate as rootdn.
Try using slapadd(8) on the slave to add the cn=Replicator entry, for
instance.

On Sat, 1 Jul 2006, Alcor wrote:

> Thanx Aron !
> Now is working with the rootdn ... but ... I need ... that some dn with
> password access (replication) to a part of the tree ...
> so I put 3 "replica" in the server ... can I put 3 diferent updatedn in 1
> slave to test it ??
>
> Thanx
>
> Alcor
>
>
> ----- Original Message -----
> From: "Aaron Richton" <richton@nbcs.rutgers.edu>
> To: "Alcor" <alcor@fibertel.com.ar>
> Cc: <OpenLDAP-software@OpenLDAP.org>
> Sent: Friday, June 30, 2006 10:37 AM
> Subject: Re: Replica Problem ... permission ?
>
>
> > The ability to run
> >> ldapsearch -x -h 10.0.0.187 -D"cn=Manager,dc=linux,dc=com" -w secret
> >
> > has very little to do with
> >> replica host=10.0.0.2:389 binddn="cn=Replicator,dc=linux,dc=com"
> >> bindmethod=simple  credentials=secret
> >
> > resulting in
> >> Error: ldap_simple_bind_s for 10.0.0.2:389 failed: Invalid credentials
> >
> >
> > Perhaps you should configure things such that
> >
> >   ldapsearch -x -h 10.0.0.2 -D "cn=Replicator,dc=linux,dc=com" -w secret
> >
> > works, which I'd imagine it doesn't at this point. Adding the
> > "cn=Replicator,dc=linux,dc=com" entry might be a good idea.