Re: dynamic config replication
- To: Gerard Ranke <gerard.ranke@hku.nl>, openldap-technical@openldap.org
- Subject: Re: dynamic config replication
- From: Quanah Gibson-Mount <quanah@symas.com>
- Date: Wed, 07 Mar 2018 12:50:08 -0800
- Content-disposition: inline
- In-reply-to: <D248F80C5575FD3F98F6B60F@[192.168.1.30]>
- References: <0ec5836b-f9a3-6a7b-6554-c2f22ddb621b@hku.nl> <20180213185935.37e87035@pink.fritz.box> <ed25e4e0-54d2-b416-5181-216f0de8536a@hku.nl> <D248F80C5575FD3F98F6B60F@[192.168.1.30]>
--On Wednesday, March 07, 2018 11:46 AM -0800 Quanah Gibson-Mount
<quanah@symas.com> wrote:
Hi Gerard,
I'll see if I can reproduce via tweaking test059.
I changed test059 to modify an ACL in the cn=config,cn=slave DB, and it
works (replicates to the slave) without issue.
Diff is:
diff --git a/tests/scripts/test059-slave-config
b/tests/scripts/test059-slave-config
index ece5738..a349670 100755
--- a/tests/scripts/test059-slave-config
+++ b/tests/scripts/test059-slave-config
@@ -319,6 +319,8 @@ olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR1B
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
+olcAccess: {0}to attrs=userPassword by * manage
+olcAccess: {1}to * by * manage
olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
retry="3 5 300 5" timeout=3
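Review bot: both added olcAccess values in this database use "by * manage", which gives every identity, anonymous included, manage rights on userPassword and on everything else. Rule {1} already covers what {0} grants, so {0} seems to exist only as a target for the later modify. A one-line comment in the script saying these are throwaway ACLs for the replication check would make that intent clear and keep the fixture from being read as a working configuration.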
@@ -338,7 +340,9 @@ olcSuffix: $BASEDN
${nullExclude}olcDbDirectory: $DBDIR2A
olcRootDN: $MANAGERDN
olcRootPW: $PASSWD
-olcSyncRepl: rid=002 provider=$URI1 binddn="$MANAGERDN" bindmethod=simple
+olcAccess: {0}to attrs=userPassword by * manage
+olcAccess: {1}to * by * manage
+olcSyncRepl: {0}rid=002 provider=$URI1 binddn="$MANAGERDN"
bindmethod=simple
credentials=$PASSWD searchbase="$BASEDN" $SYNCTYPE
retry="3 5 300 5" timeout=3
olcUpdateRef: $URI1
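Review bot: the olcSyncRepl line in this database gains a {0} prefix, while the olcSyncRepl line in the first database (context in the previous hunk) stays unprefixed, and the prefix is unrelated to the ACL being tested. Either drop the {0} so the only change here is the two olcAccess lines, or apply it to both databases and say in the commit message why it is needed.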
@@ -367,6 +371,22 @@ EOF
fi
fi
+$LDAPMODIFY -D cn=config -H $URI1 -y $CONFIGPWF <<EOF >>$TESTOUT 2>&1
+dn: olcDatabase={1}$BACKEND,cn=config,cn=slave
+changetype: modify
+delete: olcAccess
+olcAccess: {0}
+-
+add: olcAccess
+olcAccess: {0}to attrs=userPassword by * write
+EOF
+RC=$?
+if test $RC != 0 ; then
+ echo "ldapadd modify for database config ($RC)!"
+ test $KILLSERVERS != no && kill -HUP $KILLPIDS
+ exit $RC
+fi
+
echo "Using ldapadd to populate provider..."
$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD -f $LDIFORDERED \
>> $TESTOUT 2>&1
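Review bot: the added block checks only the exit status of $LDAPMODIFY against $URI1, so in the lines shown the test proves that the provider accepted the change, not that the consumer received it. Reading olcAccess back from the consumer after the modify and comparing it with "{0}to attrs=userPassword by * write" would make the replication check explicit. The failure message also says "ldapadd modify" although the command run is $LDAPMODIFY, which will mislead anyone reading the test output.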
You would need to provide significantly more detailed information on the
state of your database (i.e., what the ACL was you were changing and how
you were attempting to change it, etc) to really pursue this further. All
I can say at the moment is "works for me".
Warm regards,
Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>