[Date Prev][Date Next]
Re: syncrepl and structuralObjectClass operational attribute
Le 22/03/2012 21:24, Marvin Mundry a écrit :
OK, I tried to search for operational attribute with the replica binddn
from the replica to the master:
Mar 22 17:51:20 ldapz2 slapd: entry failed schema check: no
structuralObjectClass operational attribute
could it be related to the fact that the binddn account cannot read all
attributes from the master ?
sounds like the replication user is not allowed to read the
structuralObjectClass attribute of the object that's userPassword gets
on the provider try:
ldapsearch -D cn=replicationuser,[...] -w replicationuser-password -b
[...]dc=domain,dc=com cn=user-with-changed-password +
by appending the + symbol you request all structural attributes. if
structuralObjectClass is not returned try adapting your acls.
ldapsearch -x uid=test -H ldap://master.it-sudparis.eu -D
cn=replic,ou=System,dc=int-evry,dc=fr -W userpassword cn +
# test, People, int-evry.fr
cn: Jehan TEST
so I did get some operational attributes, but apparently not all !
what kind of ACL do I need to set to allow all operational attributes to
that binddn ?