--- On Fri, 8/21/09, Quanah Gibson-Mount <email@example.com> wrote:

> From: Quanah Gibson-Mount <firstname.lastname@example.org>
> Subject: Re: top-level data entries not replicating, 2.4.15, now 2.4.17
> To: "Brian Neu" <email@example.com>, firstname.lastname@example.org
> Date: Friday, August 21, 2009, 12:05 PM
>
> --On Friday, August 21, 2009 8:52 AM -0700 Brian Neu <email@example.com> wrote:
>
> > I really only created the test2 record to find out why the
> >
> > sambaDomainName=SRG,dc=srg,dc=com
> >
> > record wasn't replicating.
> >
> > This entry won't replicate either, even with a cn attribute . . .
> >
> > dn:cn=test3,dc=srg,dc=com
> > objectclass: top
> > objectclass: person
> > userpassword:blah
> > sn:test3
> > cn:test3
>
> Please don't top post.
>
> Your config is a little... odd. You have per-db access rules, and yet you break them like you expect more:
>
> database hdb
> suffix "cn=accesslog"
> ...
> access to *
>    by dn.base="cn=replicator,dc=srg,dc=com" read
>    by * break
>
> Not that this hurts anything, but it is a weird read.
>
> Also, I don't see *any* access rules on the main DB. You have:
>
> database hdb
> suffix "dc=srg,dc=com"
> ....
> database monitor
> access to *
>    by dn.exact="cn=Manager,dc=srg,dc=com" write
>    by dn.exact="uid=root,ou=People,dc=srg,dc=com" write
>    by dn.base="cn=replicator,dc=srg,dc=com" read
>    by * break
>
> Which means you just gave a lot of access to the *monitor* database but not your *primary* database. I suggest go re-read the slapd.access(5) man page. If you want global ACLs, they need to come before any "database xyz" line. If you want per-db ACLs, which I think is what you're trying to do, then you need to do them *per-db*. Not the odd acl in accesslog, none in your main db, and some for your monitor database.
>
> --Quanah
>
> --
>
> Quanah Gibson-Mount
> Principal Software Engineer
> Zimbra, Inc
> --------------------
> Zimbra :: the leader in open source messaging and collaboration

OK, my sloppy ACL is cleaned up and makes much more sense now -- but the problem remains.
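The scoping rule described in the quoted reply (an `access` directive belongs to the nearest preceding `database` line, and is global only if it comes before any `database` line) can be checked mechanically. The following is an added sketch, not code from the thread or from OpenLDAP; the sample config is constructed from the fragments quoted above, and the function names are illustrative.

```python
import shlex

# Constructed sample mirroring the layout quoted in the thread (not the full file).
SAMPLE = '''\
database hdb
suffix "cn=accesslog"
access to *
    by dn.base="cn=replicator,dc=srg,dc=com" read
    by * break
database hdb
suffix "dc=srg,dc=com"
database monitor
access to *
    by dn.exact="cn=Manager,dc=srg,dc=com" write
    by * break
'''

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace); drop blanks and comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def acl_scopes(text):
    """Return [(scope_label, [access directives])] in file order; index 0 is 'global'."""
    scopes = [["global", []]]
    for line in logical_lines(text):
        words = shlex.split(line)
        key = words[0].lower()
        if key == "database":
            scopes.append([f"database {words[1]}", []])
        elif key == "suffix" and len(scopes) > 1:
            scopes[-1][0] += f" ({words[1]})"
        elif key == "access":
            # The directive attaches to whichever scope was opened last.
            scopes[-1][1].append(line)
    return [(label, acls) for label, acls in scopes]

def databases_without_acls(text):
    # Skip index 0 (global scope); report databases with no access directive of their own.
    return [label for label, acls in acl_scopes(text)[1:] if not acls]

if __name__ == "__main__":
    for label, acls in acl_scopes(SAMPLE):
        print(f"{label}: {len(acls)} access directive(s)")
```

A database reported by `databases_without_acls` has no per-db rules and is left with only the global ACLs, if any exist.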