[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Replication of new suffix not possible?

To: yvonne.lootsma@cmg.nl
Subject: Re: Replication of new suffix not possible?
From: Pierangelo Masarati <masarati@aero.polimi.it>
Date: Fri, 16 Nov 2001 10:56:58 +0100 (MET)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <11A760648FE3D211BE5200A0C9F2A19401604A24@NL-ENS-MAIL01> from Yvonne Lootsma at Nov "16," 2001 "09:06:15" am

> Hello,
>  
> I have a system with one master and one slave, which is working fine.
> The rootdn and updatedn are of the following form:
> rootdn: "cn=AAA,o=CCC", 
> updatedn: "cn=BBB,o=CCC"
>  
> There is already a tree with suffix "o=CCC" available in the database, now I
> want to add a new tree with suffix "o=DDD".
> In the slapd.conf files of both the master and the slave I added the
> following line 
> suffix    "o=DDD"
>  
> Everything was restarted and then I try to add to following data:
> 
> dn: o=DDD
> objectClass: top
> objectClass: organization
> o: DDD
> 
> This is correctly added to the master, but the replication to the slave
> fails. I get the following error line in the .rej file:
> 
> ERROR: Insufficient access.

This happens because there's an explicit check for the operating dn 
to be root in case an entry is directly appended to "" and "" is not
a backend suffix.

One quick solution would be to change your database suffix into "" only;
then, provided you give full write access to your updatedn, you'd be
able to add a new root leaf to your database.

A "long" term solution would be to allow the updatedn to do this operation
in lieu of root.  I'll check if this is feasible.

Pierangelo.

References:
- Replication of new suffix not possible?
  - From: Yvonne Lootsma <yvonne.lootsma@cmg.nl>

Prev by Date: secure replication (slurpd, TLS)
Next by Date: Schema and Attribute define??
Index(es):
- Chronological
- Thread