[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: permissions replication

To: openldap-technical@openldap.org
Subject: Re: permissions replication
From: Dieter Klünter <dieter@dkluenter.de>
Date: Mon, 2 Jul 2018 07:08:29 +0200
In-reply-to: <936543b2-d613-3c22-e5ce-c760e4ea8100@netgarden.cz>
Organization: AVCI
References: <936543b2-d613-3c22-e5ce-c760e4ea8100@netgarden.cz>

Am Sun, 1 Jul 2018 14:35:27 +0200
schrieb Miroslav Misek <miroslav.misek@netgarden.cz>:

> Hi,
> 
> I am setting up master-slave replication for our off-site office, so
> it can use authentication against ldap even with internet
> connectivity issues. Replication itself is working without problems.
> But it replicates only data and not olcAccess attributes on database.
> So I have to set them manually.
> 
> Please is there any way to replicate those attributes too?
> 
> I found only one way, and it is master-master replication of
> cn=config database.
> And it is not usable in our environment. Off-site office don`t have 
> public ip. And it is better for me to have this ldap instance
> read-only.

You may consider the experimental aci model instead of stadard acl
model, as defined in slapd.access(5)
http://www.openldap.org/faq/data/cache/634.html

-Dieter


-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

References:
- permissions replication
  - From: Miroslav Misek <miroslav.misek@netgarden.cz>

Prev by Date: permissions replication
Next by Date: test059-slave-config schema replication
Index(es):
- Chronological
- Thread