Borresen, John - 0442 - MITLL wrote: > I'm not trying to implement partial replication. Missed the smiley? Your *first* ACL should give read access to the whole tree to the group of replicas and then pass on all other access checking to the subsequent ACLs (by * break). Something like: limits group="cn=replicas,dc=example,dc=com" time=unlimited size=unlimited access to dn.subtree="ou=ampua" by group="cn=replicas,dc=example,dc=com" read by * break Ciao, Michael. > -----Original Message----- > From: Michael Ströder [mailto:email@example.com] > Sent: Friday, January 31, 2014 2:15 PM > To: Quanah Gibson-Mount; Borresen, John - 0442 - MITLL; firstname.lastname@example.org > Subject: Re: Syncrepl and mmr > > Quanah Gibson-Mount wrote: >> --On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" >> <John.Borresen@ll.mit.edu> wrote: >> >>> Thanks, Quanah >>> >>> Not sure what you meant by " Well, it may not have been this issue, but >>> it definite would become an issue then." >>> >>> Was what I did a good thing or not? Curious minds want to know. <lol> >> >> The lack of read permissions for the replication user would absolutely be an >> issue at some point. ;) > > To put it the other way round: > It's very hard to implement partial replication correctly. ;-} > > Ciao, Michael.
Description: S/MIME Cryptographic Signature