Re: replication on 2.1.5
>>>>> "Frank.Swasey" == Frank Swasey <Frank.Swasey@uvm.edu> writes:
Frank.Swasey> ----- Original Message ----- From: "Allan E Johannesen"
Frank.Swasey> <aej@WPI.EDU>
>> The replication dn is in a group with write access to *.
>>
>> Is that not good enough in 2.1.5?
Frank.Swasey> There's been quite a bit of chatter on the openldap-its (or was
Frank.Swasey> it -devel?) list about there being problems with "groups on
Frank.Swasey> acls" -- I may be completely wrong, but since you said the
Frank.Swasey> replication dn was in a group, I thought it might apply. Try
Frank.Swasey> putting the replication dn directly on the acl and see if that
Frank.Swasey> fixes it.

Thanks for the suggestion. I've found it's not just replication, but the
master has these problems, too, i.e., it's just my misunderstanding of acls, I
guess, although they worked for me in 2.0...

I cut things down severely to experiment, but it still fails. I'd appreciate
any advice...

Well, this is my slapd.conf, cut down:

rootdn "cn=Manager,ou=Access,dc=wpi,dc=edu"
# no longer exists as of 2.1?
#defaultaccess none
access to attr=userpassword
        by group="cn=superusers, ou=access, dc=wpi, dc=edu" write
        by * auth
access to *
        by dn="cn=Manager,ou=Access,dc=wpi,dc=edu" write

It still fails with:
/usr/local/bin/ldapmodify -h utility2.wpi.edu -ZZ -x -D cn=manager,ou=access,dc=wpi,dc=edu -W < dmoss
Enter LDAP Password:
adding new entry "wpiuuid=87ab3a5e15af4699288805c69e0e6b4d, ou=People, dc=WPI, dc=EDU"
ldapmodify: update failed: wpiuuid=87ab3a5e15af4699288805c69e0e6b4d, ou=People, dc=WPI, dc=EDU
ldap_add: Constraint violation (19)
additional info: creatorsName: no user modification allowed