[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [Q] can I replicate several branches to the same slave from one master?

To: <openldap-technical@openldap.org>
Subject: Re: [Q] can I replicate several branches to the same slave from one master?
From: "Zeus Panchenko" <zeus@ibs.dn.ua>
Date: Mon, 03 Jul 2017 21:10:01 +0300
Cc: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEWxsbGdnZ3U1NQTExN cXFzx8fG/v7+f8hyWAAACXUlEQVQ4jUWSwXYiIRBFi4yyhtjtWpmRdTL0ZC3TJOukDa6Rc+T/P2F eFepwtFvr8upVFVDua8mLWw6La4VIKTuMdAPOebdU55sQs3n/D1xFFPFGVGh4AHKttr5K0bS6g7N ZCge7qpVLB+f1Z2WAj2OKXwIWt/bXpdXSiu8KXbviWkHxF5td9+lg2e3xlI2SCvatK8YLfHyh9lw 15yrad8Va5eXg4Llr7QmAaC+dL9sDt9iad/DX3OKvLMBf+dm0A0QuMrTvYIevSik1IaSVvgjIHt5 lSCG2ynNRpEcBZ8cgDWk+Ns99qzsYYV3MZoppWzGtYlTO9+meG6m/g92iNO9LfQB2JZsMpoJs7QG ku2KtabRK0bZRwDLyBDvwlxTm6ZlP7qyOqLcfqtLexpDSB4M0H3I/PQy1emvjjzgK+A0LmMKl6Lq zlqzh0VGAw440F6MJd8cY0nI7wiF/fVIBGY7UNCAXy6DmfYGCLLI0wtDbVcDUMqtJLmAhLqODQAe riERAxXJ1/QYGpa0ymqyytpKC19MNXHjvFmEsfcHIrncFR4xdbYWgmfEGLCcZokpGbGj1egMR+6M 1BkNX1pDdhPcOXpAnAeLQUwQLYepgQoZVNGS61yaE8CYA7gYAcWKzwGstACY2HTFvvOwk4FXAG/a mKHni/EcA/GkOk7I0IK7UMIf3+SahU8/FJdiE7KcuWdM3MFocUDEEIX9LfJoo4xV5tnNKc3jJuSs SZWgnnhepgU1zN4Hii18yW4RwDX52CXUtk0Hqz6cHOIUkWaX8fDcB+J7y1y2xDHwjv/8Buu8Ekz6 7tXQAAAAASUVORK5CYII=
In-reply-to: Your message of Fri, 30 Jun 2017 07:07:27 -0700 <EA4133780032116AA11D9068@[192.168.1.30]>
Organization: I.B.S. LLC
References: <20170627010438.33399@relay.ibs.dn.ua> <WM!778a4deb87ae8f4aec4adbf3dacc05317d4fc574b3889939c06e85d8867011c4f81a61b1af92af1548f5b583d1c5ab0c!@mailstronghold-3.zmailcloud.com> <0E269F8C84B9E78512EDD464@[192.168.1.30]> <20170630080831.47944@relay.ibs.dn.ua> <WM!d1ddae85f172ca823e20c9f3eee7a9557a5f65799b5a8281743d7367fb6417fa72d6f2c66c8e8b58c4cf0beb627a8ebf!@mailstronghold-3.zmailcloud.com> <EA4133780032116AA11D9068@[192.168.1.30]>

Quanah Gibson-Mount <quanah@symas.com> wrote:
> > emm ... I was sure I can not do that on the master side ... just I try
> > do that, I receive full data ...
> 
> Then likely your ACLs were incorrect?
 
yes, they were

at last I was able to fix that and get it working the way (I believe) I want:

---[ slave configuration quotation start ]-------------------------------------------
...
syncrepl rid=0
	 ...
         searchbase="dc=example"
	 ...
...
---[ slave configuration quotation end   ]-------------------------------------------


---[ master configuration quotation start ]-------------------------------------------
...
access to dn.children="cn=example-accesslog"
       by dn.one="ou=repl,ou=system,dc=example" read
       by * break

access to dn.regex="^uid=(.*)@(.*),authorizedService=(mail|xmpp)@(.*),uid=(.*),ou=People,dc=example$"
       attrs=entry,entryCSN,entryUUID,objectClass,cn,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,telephoneNumber,authorizedService,mu-mailBox
       by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
       by * break

access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example"
       by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
       by * stop
...
# the final ACL
access to *
        by set="[cn=admin,ou=group,dc=example]/memberUid & user/uid" write
	by peername.ip=127.0.0.1 read
	by self read
	by users search
	by * break
...
---[ master configuration quotation end   ]-------------------------------------------


thank you all, for help!

-- 
Zeus V. Panchenko				jid:zeus@im.ibs.dn.ua
IT Dpt., I.B.S. LLC					  GMT+2 (EET)

Next by Date: package OpenLDAP and lmdb
Index(es):
- Chronological
- Thread