Re: cannot get base DN / suffix from ldap browsers
On 24/02/2012 18:45, Jehan Procaccia wrote:
Hello,

I cannot figure out why, on one of my replicas, I cannot browse the DIT.
Apache Directory Studio, for example, only shows the "root DSE(2)", but
the base DN (namingContext or directory suffix, whatever you call it
...) isn't visible!?

On my other replicas and the master, everything is fine: I do browse
the DIT, and the browser shows "root DSE(3)" with the suffix visible.

I might be missing something obvious, but cannot figure out what.

I checked the ACLs:

    access to dn.base="" by * read
    access to dn.base="cn=Subschema" by * read
    access to dn.subtree="dc=int-evry,dc=fr"
        by dn="cn=admin,dc=int-evry,dc=fr" write
        by users read

but still, the suffix dc=int-evry,dc=fr doesn't show up on that
particular replica!?

I run openldap-servers-2.4.23-20.el6.i686 with cn=config created from
a slapd.conf transformed with slaptest -f.

Any help greatly appreciated.

I found the reason why my replica wasn't complete:
in the syncrepl config I had filtered on
"filter="(objectclass=interOrgPerson)"" in order to get only people's
objects (partial replica).
Now I have modified it to filter="(objectClass=*)" and everything is right.

However, I would still like to replicate only some OUs under the base DN
(ou=people and ou=group,ou=system) but not the remaining OUs below
ou=system => ou=Hosts, ou=Networks, ou=Protocol.

How can I remove those branches from replication?

My current syncrepl config, which replicates everything:

    syncrepl rid=001
        provider=ldaps://master.domain.fr
        type=refreshAndPersist
        searchbase="dc=int-evry,dc=fr"
        filter="(objectClass=*)"
        attrs="*"
        scope=sub
        schemachecking=on
        bindmethod=simple
        retry="60 10 300 +"
        binddn="cn=replic,ou=System,dc=int-evry,dc=fr"
        credentials="secret"
    updateref ldaps://master.domain.fr:636
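
Added example, not part of the original message: a small Python sketch of why an objectClass filter in syncrepl can leave the consumer without its suffix entry, and a check for such holes in a partial replica. The sample entries, their object classes and the function names are constructed for illustration; it assumes the filter meant the standard inetOrgPerson class and that the suffix and OU entries do not carry it.

```python
# Added illustration (not from the original post): which entries a syncrepl
# objectClass filter selects, and which ancestors the consumer then lacks.
SUFFIX = "dc=int-evry,dc=fr"

# (DN, objectClass values) as they might exist on the provider -- constructed.
PROVIDER = [
    ("dc=int-evry,dc=fr", {"top", "dcObject", "organization"}),
    ("ou=people,dc=int-evry,dc=fr", {"top", "organizationalUnit"}),
    ("uid=alice,ou=people,dc=int-evry,dc=fr", {"top", "person", "inetOrgPerson"}),
    ("ou=system,dc=int-evry,dc=fr", {"top", "organizationalUnit"}),
    ("ou=group,ou=system,dc=int-evry,dc=fr", {"top", "organizationalUnit"}),
    ("ou=Hosts,ou=system,dc=int-evry,dc=fr", {"top", "organizationalUnit"}),
]

def norm(dn):
    """Lower-case a DN and trim spaces around RDNs (simple DNs, no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def ancestors(dn, suffix=SUFFIX):
    """Ancestors of dn, from its parent up to and including the suffix."""
    dn, suffix = norm(dn), norm(suffix)
    chain = []
    while dn != suffix and "," in dn:
        dn = dn.split(",", 1)[1]
        chain.append(dn)
    return chain

def replicate(entries, object_class):
    """DNs matched by (objectClass=<object_class>); '*' is the presence filter.
    Matches only the listed values; superclass inheritance is not modelled."""
    oc = object_class.lower()
    return {norm(dn) for dn, classes in entries
            if oc == "*" or oc in {c.lower() for c in classes}}

def missing_ancestors(replicated):
    """Ancestor DNs that replicated entries hang under but were never sent."""
    needed = {a for dn in replicated for a in ancestors(dn)}
    return sorted(needed - replicated)

if __name__ == "__main__":
    for flt in ("inetOrgPerson", "*"):
        got = replicate(PROVIDER, flt)
        print(f"(objectClass={flt}): {len(got)} entries, "
              f"missing ancestors: {missing_ancestors(got)}")
```

The same `missing_ancestors` check can be run over the DN list exported from a consumer to spot a partial replica whose parent entries were filtered out.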