
Re: multimaster configuration of openldap-2.0.25



>> If you're using access control lists, I've noted that the ACLs need to
>> allow the updatedn write access explicitly.  (no different than
>> single-master replication).  It's been suggested that updatedn is
>> treated specially, but that hasn't worked for me-- and I don't see the
>> special allowance for it in the code like I do for rootdn.
>
> It is treated differently (can modify some NO-USER-MODIFICATION
> attributes, and its changes are not propagated to slaves); however it
> is not treated any specially with regard to ACLs (though it could, to
> ease 99% of the administration needs).

On 2.0.23, I couldn't get ACLs to work at all as long as slapd had an
updatedn.  Turning that alone off allowed ACLs to work.  It's certainly
handled differently somehow.

John






-- 
John Madden
UNIX Systems Engineer
Ivy Tech State College
jmadden@ivytech.edu