[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Syncrepl and mmr

To: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>, openldap-technical@openldap.org
Subject: RE: Syncrepl and mmr
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Mon, 03 Feb 2014 11:43:36 -0800
Content-disposition: inline
Dkim-filter: OpenDKIM Filter v2.8.4 edge02.zimbra.com 76B9CA621F
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zimbra.com; s=C2AA288C-EE47-11E2-9BB0-E820BDD9BDBF; t=1391456617; bh=AeXiZmTJxPaX7s1q9iKHXxnjog/qpOsj1zomNhSpKOo=; h=Date:From:To:Subject:Message-ID:MIME-Version:Content-Type: Content-Transfer-Encoding; b=eKrAtVh55uboSdVuIYXN5psHaEjE+ryHLjDnKhwXu1cEohnXHhM7qyVz8+bEkU6N2 kpNCP/Plk1kWxpDtzRsJ7Ae9Rr7plzxkw0TmbB8RQsRpzxm7WMywgBm7R+tdPIJDXZ uMrRgApncRT1bS3F9CePLaoktl9lBLK08xD0yh/8=
In-reply-to: <20140203192636.4F24D4416C@edge01.zimbra.com>
References: <1BB724A73E57084D89F6F28ED9E651920AD3170DFB@LLE2K7-BE02.mitll.ad.local> <201401301252.s0UCqYiG032646@boole.openldap.org> <BB8429D49E4807C586371E61@[192.168.1.2]> <20140130202839.1351AA624A@edge02.zimbra.com> <2B630E28DF38ECE010CBD25A@[192.168.1.2]> <20140130212629.B2597A6250@edge02.zimbra.com> <DB1FEF6327E2B46EC94F873B@[192.168.1.2]> <20140130213534.84D20A6263@edge02.zimbra.com> <395A5E98A0BA923103457A7D@[192.168.1.2]> <20140130215154.21246A6250@edge02.zimbra.com> <E05E339BB9E6991AE1EE9034@[192.168.1.2]> <20140131135522.883144425D@edge01.zimbra.com> <8B2D174F182D2F00973C48E7@[192.168.1.2]> <20140131182111.1FCCDA6244@edge02.zimbra.com> <DA81C395D0AF170D0D2E8E2A@[192.168.1.2]> <52EBF648.2030003@stroeder.com> <20140131192626.8EDCB44260@edge01.zimbra.com> <70B15C25BB69C8535EA2BF2E@[192.168.1.2]> <20140131193800.428F9A624B@edge02.zimbra.com> <4555DA4EB27A62A899B751DB@[192.168.1.2]> <20140131213521.0E815A626E@edge02.zimbra.com> <89C7F52021B10496CDC11C3B@[192.168.1.2]> <20140203145812.66A5144228@edge01.zimbra.com> <301D280F978BB72758ED1FC4@[192.168.1.2]> <20140203180713.0E7424423A@edge01.zimbra.com> <4EEB696E0B8A8D3E9C96D37A@[192.168.1.2]> <20140203192636.4F24D4416C@edge01.zimbra.com>

--On Monday, February 03, 2014 2:26 PM -0500 "Borresen, John - 0442 -MITLL" <John.Borresen@ll.mit.edu> wrote:

Ok,

Sanity Check, please.  Still seeing "empty syncUUID" messages.  Also, the
"userPassword" attributes on mm-server2, cannot be seen (via Apache
Directory Studio -- but show up with ldapsearch), but when I attempt to
add (via ldapmodify) it returns value already present.

if it shows up with ldapsearch when binding asuid=ldapreplicator,ou=admins,dc=example,dc=ldap then you are set. I haveno idea who/what you are binding with via apache dir studio.

# {1}bdb, config
dn: olcDatabase={1}bdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by self  write by
anonymous auth by dn="cn=ldapadmin,dc=example,dc=ldap" manage by
dn="uid=replicator,ou=Admins,dc=example,dc=ldap" read by * none
olcAccess: {1}to * by * read

Unless you plan on doing some really bizarre things, it is unlikely yourldapadmin needs manage access. See<http://www.openldap.org/its/index.cgi/?findid=7795>

# {2}bdb, config
dn: olcDatabase={2}bdb,cn=config
olcAccess: {0}to * by
dn.exact="uid=replicator,ou=Admins,dc=example,dc=ldap" write by * none



The replicator only ever needs read access, not write.

Also separate nit. You should be doing dn.exact in the first set of ACLsas well (you have it correctly in the second set).


--Quanah

--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Follow-Ups:
- RE: Syncrepl and mmr
  - From: "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>

References:
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- RE: Syncrepl and mmr
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: RE: Syncrepl and mmr
Next by Date: Re: set-based constraint for prefix
Index(es):
- Chronological
- Thread