[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: multimaster configuration of openldap-2.0.25
>> If you're using access control lists, I've noted that the ACLs need to
>> allow the updatedn write access explicitly. (no different than
>> single-master replication). It's been suggested that updatedn is
>> treated specially, but that hasn't worked for me-- and I don't see the
>> special allowance for it in the code like I do for rootdn.
>
> It is treated differently (can modify some NO-USER-MODIFICATION
> attributes, and its changes are not propagated to slaves); however it
> is not treated any specially with regard to ACLs (though it could, to
> ease 99% of the administration needs).
On 2.0.23, I couldn't get ACL's to work at all as long as slapd had an
updatedn. Turning that alone off allowed ACL's to work. It's certainly
handled differently somehow.
John
--
John Madden
UNIX Systems Engineer
Ivy Tech State College
jmadden@ivytech.edu