
RE: Syncrepl and mmr



--On Monday, February 03, 2014 2:26 PM -0500 "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> wrote:
> Ok,
>
> Sanity Check, please.  Still seeing "empty syncUUID" messages.  Also, the
> "userPassword" attributes on mm-server2, cannot be seen (via Apache
> Directory Studio -- but show up with ldapsearch), but when I attempt to
> add (via ldapmodify) it returns value already present.

If it shows up with ldapsearch when binding as
uid=ldapreplicator,ou=admins,dc=example,dc=ldap then you are set.  I have
no idea who/what you are binding with via apache dir studio.

> # {1}bdb, config
> dn: olcDatabase={1}bdb,cn=config
> olcAccess: {0}to attrs=userPassword,shadowLastChange by self  write by
> anonymous auth by dn="cn=ldapadmin,dc=example,dc=ldap" manage by
> dn="uid=replicator,ou=Admins,dc=example,dc=ldap" read by * none
> olcAccess: {1}to * by * read

Unless you plan on doing some really bizarre things, it is unlikely your
ldapadmin needs manage access.  See
<http://www.openldap.org/its/index.cgi/?findid=7795>

> # {2}bdb, config
> dn: olcDatabase={2}bdb,cn=config
> olcAccess: {0}to * by
> dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" write by * none

The replicator only ever needs read access, not write.

Also separate nit. You should be doing dn.exact in the first set of ACLs as well (you have it correctly in the second set).
--Quanah

--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
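
The three ACL points raised in the reply above (manage access for ldapadmin, write access for the replicator, `dn=` without `.exact`) can be checked mechanically over exported `olcAccess` values. This is an added example, not part of the original message: the sample input is constructed from the thread's ACL lines with the mail-wrapped lines rejoined, and the `audit` function and its finding strings are hypothetical names.

```python
import re

# Constructed sample: the olcAccess values quoted in the thread, with the
# mail-wrapped lines joined back into single values.
SAMPLE = {
    "olcDatabase={1}bdb,cn=config": [
        '{0}to attrs=userPassword,shadowLastChange by self  write by anonymous auth '
        'by dn="cn=ldapadmin,dc=example,dc=ldap" manage '
        'by dn="uid=replicator,ou=Admins,dc=example,dc=ldap" read by * none',
        '{1}to * by * read',
    ],
    "olcDatabase={2}bdb,cn=config": [
        '{0}to * by dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" write by * none',
    ],
}

# One "by <who> <level>" clause. Only named access levels are handled,
# not "=rwx"-style privilege strings.
BY_CLAUSE = re.compile(r'\bby\s+(dn(?:\.[\w,]+)?="[^"]*"|\S+)\s+(\w+)')
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

def audit(databases, replicator_dn):
    """Return (database, rule index, who, finding) for the three review points."""
    findings = []
    for db, rules in databases.items():
        for rule in rules:
            index = rule[:rule.index("}") + 1]          # e.g. "{0}"
            for who, level in BY_CLAUSE.findall(rule):
                if level not in LEVELS:
                    continue
                if who.startswith("dn="):               # no style qualifier given
                    findings.append((db, index, who, "dn without style, use dn.exact"))
                if level == "manage":
                    findings.append((db, index, who, "manage access granted"))
                is_replicator = replicator_dn.lower() in who.lower()
                if is_replicator and LEVELS.index(level) > LEVELS.index("read"):
                    findings.append((db, index, who, "replicator has more than read"))
    return findings

if __name__ == "__main__":
    for db, index, who, finding in audit(SAMPLE, "uid=replicator,ou=Admins,dc=example,dc=ldap"):
        print(f"{db} {index}: {who}: {finding}")
```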