Why can't the updatedn modify the slave?
From the slapd.conf(5) man page you might infer that the updatedn is allowed to make changes to the replica in much the same way as the rootdn, i.e. bypassing ACLs. This is not the case: the updatedn must be granted write access to the entries that it needs to update.
It is generally not a good idea for the updatedn to be set to the same value as the rootdn (of the master slapd(8)).
A simple ACL that gives the updatedn full write permissions is:

    # give the updateDN "cn=Replica,dc=example,dc=com" auth and write access
    access to *
        by dn.exact="cn=Replica,dc=example,dc=com" =xw
        by * none break
    # other ACLs...

It MUST appear before any other access rule.