
Re: Slapd Replication Problem

On 9/13/06, Brian White <bcwhite@precidia.com> wrote:
> You're trying to replicate (i.e. write) as
>>                binddn="uid=slapd,ou=Services,dc=precidia"
> and running into configuration that includes (early on)
>> access    to attrs=userPassword
>>     by anonymous auth
>>     by self write
>>     by * none
> so an attempt to replicate an entry, which includes userPassword, is
> failing because your binddn does not have write access to relevant areas.

So...  I need to add an extra "auth" line for my replication DN?  I
never saw that mentioned in the "OpenLDAP Administrator's Guide"; I
assumed that mentioning it as the "updatedn" would be sufficient.

You need to add an ACL for the updatedn to have write permissions.
It's pretty easy.
access to * by dn.exact="uid=slapd,ou=Services,dc=precidia" write
should do it.  (off the top of my head)  See the slapd.access man page.
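
An added example, not part of the original message: a slapd.conf fragment showing where a write rule for the replication DN has to sit relative to the userPassword clause quoted above. It relies on the evaluation order documented in slapd.access(5): the first matching "access to" clause decides, and every clause ends with an implicit "by * none". The DN and the userPassword rule come from the thread; the placement and the "by * break" line are this example's assumptions.

```conf
# Added example: ACL ordering for the replication DN from this thread.

# Option A: a dedicated rule placed BEFORE the userPassword clause.
# "by * break" lets every other identity fall through to the later clauses.
# Without it, this clause's implicit "by * none" would deny everyone else.
access to *
    by dn.exact="uid=slapd,ou=Services,dc=precidia" write
    by * break

# Original clause from the thread, unchanged. With Option A above it is
# only reached by identities other than the replication DN.
access to attrs=userPassword
    by anonymous auth
    by self write
    by * none

# Option B (use instead of A): grant write inside the userPassword clause.
# The replication DN then needs its own "by" line in every other clause
# that covers attributes it must replicate.
#access to attrs=userPassword
#    by dn.exact="uid=slapd,ou=Services,dc=precidia" write
#    by anonymous auth
#    by self write
#    by * none
```

If the "access to *" rule were placed after the userPassword clause instead, writes to userPassword by the replication DN would still be refused, because evaluation stops at the first clause that matches the attribute. slapacl(8) can confirm the DN's effective access to userPassword before slapd is restarted.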