
Syncrepl & access control


I want to replicate only parts of my ldap tree. The documentation says that
access controls apply to the replication, so I created an access control
that looks like the following:

Access to * filter=(foo=bar)
	by dn="cn=syncrepluser,dc=foo,dc=bar"

Now I set the attribute foo to a value of bar in all objects I want to
replicate. (The search filter on the consumer is objectClass=*.) This works
so far, but when I delete an object, it doesn't get deleted on the

When I make an access control in the form

Access to dn.sub="cn=a,dc=foo,dc=bar"
	by dn="cn=syncrepluser,dc=foo,dc=bar"

It works correctly.

So my question is: is it possible to get my first idea to work, i.e. is it a bug,
or is it not possible to do things like this?

If not, is there another possibility to get it working?

Note that I have to replicate a lot of objects from different places, so it
is not a possibility to create access rules for all objects. Also it's
necessary that the consumer can only see the objects it should replicate and
no other objects. Any idea?


Visit us at CeBIT 2006 in Hall 7, Stand B30 (Aladdin)
Gerald Richter            ecos electronic communication services gmbh
IT security solutions * Web applications with Apache/Perl/mod_perl/Embperl

Post:       Tulpenstrasse 5          D-55276 Dienheim b. Mainz
E-Mail:     richter@ecos.de          Voice:   +49 6133 939-122
WWW:        http://www.ecos.de/      Fax:     +49 6133 939-333
ECOS BB-5000 Firewall and IT Security Appliance: www.bb-5000.info
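
An added example (not part of the original post and not OpenLDAP code): an offline audit for the setup described above. It compares an LDIF export of the provider with one of the consumer and lists entries that no longer exist on the provider but remain on the consumer, entries on the consumer that lack the foo=bar marker, and marked entries that never arrived. The function names, the sample LDIF and the simplified DN normalization are assumptions.

```python
import base64

def normalize_dn(dn):
    # Simplified normalization (assumption): no escaped commas in RDN values.
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {normalized dn: {attr: [values]}}; unfolds continuation lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folded line
        else:
            lines.append(raw)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                # blank line ends an entry
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(normalize_dn(value), {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries

def audit(provider_ldif, consumer_ldif, marker=("foo", "bar")):
    provider, consumer = parse_ldif(provider_ldif), parse_ldif(consumer_ldif)
    attr, want = marker[0].lower(), marker[1].lower()
    marked = {dn for dn, e in provider.items()
              if want in (v.lower() for v in e.get(attr, []))}
    return {
        "stale": sorted(set(consumer) - set(provider)),        # gone on provider
        "unmarked": sorted((set(consumer) & set(provider)) - marked),
        "missing": sorted(marked - set(consumer)),             # never replicated
    }

# Constructed sample exports (full admin view of each side), not real data.
PROVIDER_LDIF = ("dn: cn=a,dc=foo,dc=bar\nfoo: bar\n\n"
                 "dn: cn=b,dc=foo,dc=bar\n\n"
                 "dn: cn=d,dc=foo,dc=bar\nfoo: bar\n")
CONSUMER_LDIF = ("dn: cn=a,dc=foo,dc=bar\nfoo: bar\n\n"
                 "dn: CN=b, dc=foo, dc=bar\n\n"
                 "dn: cn=c,dc=foo,\n dc=bar\nfoo: bar\n")

if __name__ == "__main__":
    print(audit(PROVIDER_LDIF, CONSUMER_LDIF))
```

A non-empty "stale" list is the symptom described in the post; a non-empty "unmarked" list means the consumer holds objects it was not meant to see.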

