On 16/07/13 18:36, Quanah Gibson-Mount wrote:are the olcAccess rules identical between the two? When you bind via ldapi, if you examine the logs at 256, is the search being mapped to the same DN on both master and replicas?Hi Quanah, yes, the olcAccess is identical (I've even diffed them). I forgot to mention the version - it's 2.4.28-1.1ubuntu5, the debug logs look like this on the slave:
Ok. I assume you get back valid data when using the rootdn for that DB on the replica?
I would note that this ACL:
olcAccess: {2}to dn.base="" by * read
does not belong in this DB. It belongs in the frontend DB. Here's my
olcAccess statements for my frontend DB:
dn: olcDatabase={-1}frontend
olcAccess: {0}to * by dn.children="cn=admins,cn=zimbra" write by * +0
break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="cn=subschema" by * read
--Quanah
--
Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration