
Re: top-level data entries not replicating, 2.4.15, now 2.4.17



--On Friday, August 21, 2009 8:52 AM -0700 Brian Neu <proclivity76@yahoo.com> wrote:

> I really only created the test2 record to find out why the
>
>    sambaDomainName=SRG,dc=srg,dc=com
>
> record wasn't replicating.
>
> This entry won't replicate either, even with a cn attribute . . .
>    dn:cn=test3,dc=srg,dc=com
>    objectclass: top
>    objectclass: person
>    userpassword:blah
>    sn:test3
>    cn:test3

Please don't top post.

Your config is a little... odd. You have per-db access rules, and yet you break them like you expect more:

database	hdb
suffix		"cn=accesslog"
...
access to *
	by dn.base="cn=replicator,dc=srg,dc=com" read
	by * break


Not that this hurts anything, but it is a weird read.

Also, I don't see *any* access rules on the main DB.  You have:

database	hdb
suffix		"dc=srg,dc=com"
....
database monitor
access to *
	by dn.exact="cn=Manager,dc=srg,dc=com" write
	by dn.exact="uid=root,ou=People,dc=srg,dc=com" write
	by dn.base="cn=replicator,dc=srg,dc=com" read
	by * break


Which means you just gave a lot of access to the *monitor* database but not your *primary* database. I suggest you go re-read the slapd.access(5) man page. If you want global ACLs, they need to come before any "database xyz" line. If you want per-db ACLs, which I think is what you're trying to do, then you need to do them *per-db*. Not the odd acl in accesslog, none in your main db, and some for your monitor database.



--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
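
A small check for the ACL placement problem described in the reply above, as an added example that is not part of the original message or of OpenLDAP: it groups the `access` directives of a slapd.conf by the section they fall in (global, or the `database` line they follow) and reports databases that have none of their own. The sample config is constructed from the fragments quoted in the message, and the function names are hypothetical.

```python
# Constructed sample built from the fragments quoted in the message above.
SAMPLE_CONF = '''\
# global section: no access directives
database hdb
suffix "cn=accesslog"
access to *
\tby dn.base="cn=replicator,dc=srg,dc=com" read
\tby * break
database hdb
suffix "dc=srg,dc=com"

database monitor
access to *
\tby dn.exact="cn=Manager,dc=srg,dc=com" write
\tby dn.base="cn=replicator,dc=srg,dc=com" read
\tby * break
'''

def logical_lines(text):
    """Drop comments and blanks; fold continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def acl_sections(text):
    """Return [(label, [access directives])]; index 0 is the global section."""
    sections = [["global", []]]
    for line in logical_lines(text):
        parts = line.split(None, 1)
        keyword, rest = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "database":
            sections.append(["database " + rest, []])
        elif keyword == "suffix" and len(sections) > 1:
            sections[-1][0] += " suffix " + rest
        elif keyword == "access":
            sections[-1][1].append(line)
    return [(label, acls) for label, acls in sections]

def databases_without_acls(text):
    """Labels of database sections that carry no access directive of their own."""
    return [label for label, acls in acl_sections(text)[1:] if not acls]

if __name__ == "__main__":
    for label, acls in acl_sections(SAMPLE_CONF):
        print(f"{label}: {len(acls)} access directive(s)")
    print("databases with no ACLs of their own:", databases_without_acls(SAMPLE_CONF))
```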