[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SyncREPL Behaves Inconsistently (ITS#3262)
> 255 will be good enough to trace the problem.
Will do this evening.
> One question: do you have group acl configured ?
Yes, all DSAs are configured with...
./configure --prefix=/opt/dsa --sysconfdir=/etc
--localstatedir=/var/run/slapd --libexecdir=/opt/dsa/libexec
--libdir=/opt/dsa/lib --mandir=/opt/dsa/man --sbindir=/opt/dsa/sbin
--datadir=/opt/dsa/share --localstatedir=/opt/dsa/var
--includedir=/opt/dsa/include --enable-aclgroups --enable-spasswd
--enable-modules --enable-shared --enable-dynamic --with-tls
--with-cyrus-sasl --enable-crypt --enable-ipv6=yes --enable-aci
--enable-bdb --enable-rewrite --enable-ldap --enable-meta
--enable-monitor --enable-ldbm --enable-sql --enable-lmpasswd
--with-dyngroup --with-proxycache
We are currently testing with "access to * by * write", to see if that
helped the problem (it didn't). Prior to that we were testing with the
following ACL as our first rule....
access to dn.subtree="o=Morrison Industries,c=US"
by dn.base="cn=Administrator,o=Morrison Industries,c=US" write
by group/groupOfUniqueNames/uniqueMember="cn=DSA
Administrators,ou=ACLGroups,o=Morrison Industries,c=US" write
by group/groupOfUniqueNames/uniqueMember="cn=DSA
Replicators,ou=ACLGroups,o=Morrison Industries,c=US" write
by group/groupOfUniqueNames/uniqueMember="cn=Full SyncRepl
Consumers,ou=ACLGroups,o=Morrison Industries,c=US" read
by * break
...with all the SyncREPL consumer's bind dns in "cn=Full SyncRepl
Consumers,ou=ACLGroups,o=Morrison Industries,c=US"