Re: ACL question (fwd)
Hi James Shvarts,
Before responding, let me say that I'm uncertain if updates fall under the
normal ACL regime. I would have used another approach.
> i have the following context: ou=origin,dc=myorg,dc=org which contains
> users [...]
A context being a database/backend, right? So it has a line
    suffix "ou=origin,dc=myorg,dc=org"
> i also have a "replicator" account with the following dn:
> cn=replicator,dc=myorg,dc=org (while my rootdn is:
> cn=admin,dc=myorg,dc=org). the replicator account should be able to
> manipulate users within ou=origin,dc=myorg,dc=org in any possible way
> (insert,update,delete,search,etc).
What you would normally do is to make a similar backend on the slave, that
is, supporting the same suffix,
    suffix "ou=origin,dc=myorg,dc=org"
and you would set privileges for updates using
    updatedn "cn=replicator,dc=myorg,dc=org"
and probably also
    updateref "ldap://master.host.name/"
On the master, you would set
    replica host=slave.host.name
            binddn="cn=replicator,dc=myorg,dc=org"
            bindmethod=... credentials=...
As you can see, the ACL does not come into play.
> ldap_bind: Insufficient access (50).
You may not have set up the updatedn setting in the slave.
Good luck,
Rick van Rein
----- End of forwarded message from Rick van Rein -----
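
An added example, not part of the original message or of OpenLDAP: a small Python check that reads a master and a slave slapd.conf and reports when the master's replica binddn has no matching updatedn on the slave database with the same suffix, the pairing the reply above describes. The function names, the simplified DN comparison and the sample configs (backend type, bindmethod and credentials values) are assumptions made for the example.

```python
import shlex

def parse_slapd_conf(text):
    """Split slapd.conf text into database sections: directive -> list of argument lists."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and logical:  # leading whitespace continues the previous line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    sections, cur = [], None
    for line in logical:
        args = shlex.split(line)  # also removes the quotes around DNs
        if args[0].lower() == "database":
            sections.append(cur := {})
        if cur is not None:  # global directives before the first database are ignored
            cur.setdefault(args[0].lower(), []).append(args[1:])
    return sections

def norm_dn(dn):  # simplified DN comparison (assumption): lowercase, no spaces after commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_replication(master_text, slave_text):
    """List reasons the master's replica binddn would be refused writes on the slave."""
    slave = {norm_dn(db["suffix"][0][0]): db
             for db in parse_slapd_conf(slave_text) if "suffix" in db}
    findings = []
    for db in parse_slapd_conf(master_text):
        suffix = norm_dn(db.get("suffix", [[""]])[0][0])
        for rep in db.get("replica", []):
            binddn = dict(a.split("=", 1) for a in rep if "=" in a).get("binddn", "")
            peer = slave.get(suffix)
            if peer is None:
                findings.append(f"{suffix}: no database with this suffix on the slave")
            elif "updatedn" not in peer:
                findings.append(f"{suffix}: slave database has no updatedn")
            elif norm_dn(peer["updatedn"][0][0]) != norm_dn(binddn):
                findings.append(f"{suffix}: updatedn differs from the master's replica binddn")
    return findings

# Constructed samples: DNs/hosts from the message; backend, bindmethod, credentials are placeholders.
MASTER = '''database bdb
suffix "ou=origin,dc=myorg,dc=org"
replica host=slave.host.name
  binddn="cn=replicator,dc=myorg,dc=org" bindmethod=simple credentials=PLACEHOLDER
'''
SLAVE_BROKEN = 'database bdb\nsuffix "ou=origin,dc=myorg,dc=org"\nupdateref "ldap://master.host.name/"\n'
SLAVE_FIXED = SLAVE_BROKEN + 'updatedn "cn=replicator,dc=myorg,dc=org"\n'
```

Calling check_replication(MASTER, SLAVE_BROKEN) returns one finding for the missing updatedn, and the same call with SLAVE_FIXED returns an empty list.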