
Re: SyncRepl Chaining





From:	Quanah Gibson-Mount <quanah@zimbra.com>
To:	espeake@oreillyauto.com
Cc:	openldap-technical@openldap.org
Date:	09/06/2013 11:45 AM
Subject:	Re: SyncRepl Chaining



--On Friday, September 06, 2013 11:35 AM -0500 espeake@oreillyauto.com
wrote:

> Here is the olcAccess from the slapcat on the database.  Rule {0} should
> be what it is using but because of it not authenticating rule {2} is being
> applied instead.

Did you mean to paste your rules in here and forget? ;)

--Quanah

Yep.  Had a hungry child calling me while I was trying to get this out.

olcAccess: {0}to *
    by dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read
    by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read
    by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write
    by dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write
    by dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write
olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=System Administrators,ou=Groups,dc=oreillyauto,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admin,ou=Groups,dc=oreillyauto,dc=com" write
olcAccess: {2}to attrs=userPassword
    by group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write
    by anonymous read
olcAccess: {3}to attrs=uid
    by anonymous read
    by users read
olcAccess: {4}to attrs=ou,employeeNumber
    by users read
olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com"
    by dn.subtree="ou=Users,dc=oreillyauto,dc=com" none
    by users read
olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com"
    by dnattr=owner write
    by dnattr=uniqueMember read
    by * none
olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com"
    by self read
    by group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" read
    by * none
olcAccess: {8}to *
    by self read
    by users read

--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
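
slapd evaluates olcAccess rules in index order: the first "to" clause that matches the target is selected, then the first "by" clause that matches the requester decides the access, with an implicit "by * none" when none does. The following is an added example, not code from the thread or from OpenLDAP, that models this over a constructed subset of the rules posted above; the entry uid=jdoe and all function names are assumptions.

```python
# Simplified model of slapd ACL selection: first matching "to", then first matching "by".
LEVELS = ["none", "auth", "read", "write"]  # subset of slapd's levels, ascending
BASE = "dc=oreillyauto,dc=com"
SYNC = "uid=syncrepl,ou=System," + BASE
USER = "uid=jdoe,ou=Users," + BASE  # constructed sample entry, not from the thread

# Constructed subset of the posted rules: (index, what, [(who, level), ...]).
POSTED = [
    (0, "*", [("dn.base=" + SYNC, "read")]),
    (2, "attrs=userPassword", [("anonymous", "read")]),
    (3, "attrs=uid", [("anonymous", "read"), ("users", "read")]),
    (8, "*", [("self", "read"), ("users", "read")]),
]

def what_matches(what, attr):
    if what == "*":
        return True
    if what.startswith("attrs="):
        return attr.lower() in what[len("attrs="):].lower().split(",")
    raise ValueError("unsupported <what>: " + what)

def who_matches(who, bind_dn, entry_dn):
    # bind_dn is None for an anonymous session; DNs are compared case-insensitively.
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    if who.startswith("dn.base="):
        return bind_dn.lower() == who[len("dn.base="):].lower()
    raise ValueError("unsupported <who>: " + who)

def evaluate(rules, bind_dn, entry_dn, attr):
    """Return (rule index, access level) for one requester and target."""
    for index, what, by_clauses in rules:
        if what_matches(what, attr):
            for who, level in by_clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return index, level
            return index, "none"  # implicit trailing "by * none"
    return None, "none"  # implicit final "access to * by * none"

def allowed(rules, bind_dn, entry_dn, attr, wanted):
    return LEVELS.index(evaluate(rules, bind_dn, entry_dn, attr)[1]) >= LEVELS.index(wanted)
```

In this model, evaluate(POSTED, None, USER, "userPassword") returns (0, "none"), so an unauthenticated session is decided by rule {0}; with that rule left out (POSTED[1:]) the same request is decided by rule {2}.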
