[Date Prev][Date Next] [Chronological] [Thread] [Top]

SuSE eMail Server 3.1 + LDAP slave replication problem

To: openldap-software@OpenLDAP.org
Subject: SuSE eMail Server 3.1 + LDAP slave replication problem
From: Fabiano Felix <felix@getnet.com.br>
Date: Wed, 16 Oct 2002 11:42:16 -0200
Organization: SuSE Linux do Brasil - Get Net
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826

Hi all,

I have a SMS 3.1, which is based on OpenLDAP-2.0.11. I create a cn=replica in the directory, and put the necessary ACLs to us. The Master to Slave replication is OK, but when I try to modify a data in the slave server, and it try to send the information to the master, receive the following message:
"Insuficcient Access"

The following ACLs are defined:
##### ACLs ######
access to *
       by dn="cn=replica,dc=getnet,dc=com,dc=br" write	### This ACL is defined only to the data replication
       by * read

# Private AddressBook
access to dn="ou=addr,uid=(.*),dc=getnet,dc=com,dc=br"
 by dn="uid=$1,dc=getnet,dc=com,dc=br" write  by * none

# Hide skyrixGreenConfig
access to attr=skyrixGreenConfig
 by self write
 by peername="127\.0\.0\.1" read
 by peername=::1 read

# To let PAM authenticate
access to attr=userpassword
 by self write
 by anonymous auth
 by * none

access to attr=shadowLastChange
 by self write
 by * read
# only the Admin is allowed to change the members of the addressadmins group
access to dn.base="cn=AddressAdmins,o=AddressBook,dc=getnet,dc=com,dc=br"
 by users read
 by * none

# only the members of the AddressAdmins group are allowed to write to the
# Public Address Book
access to dn.subtree="o=AddressBook,dc=getnet,dc=com,dc=br"
 by group="cn=AddressAdmins,o=AddressBook,dc=getnet,dc=com,dc=br" write
 by users read
 by * none

# handle write access to the personal data (system address book)
# - first look at the OpenLDAPaci attribute
# - if that doesn't exist or the user-dn is not in the subject clause,
#   give write access to the owner of the entry and read acces to anyone else
access to attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenna
me,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,label
edURI,preferredLanguage,entry
 by aci write break
 by self write
 by * read# if the above break statement is reached add read access for everyone
access to attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenna
me,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,label
edURI,preferredLanguage,entry
 by * +rsc
################

This is the master's configuration to the replication:

### Replication
replica host=192.168.0.193:389
       binddn="cn=replica,dc=getnet,dc=com,dc=br"
       bindmethod=simple credentials=xxxxxx
replogfile      /var/log/slurpd/update_log


This is the slave's configuration to the replication:

#### Replication
updatedn "cn=replica,dc=getnet,dc=com,dc=br"
updateref ldap://192.168.0.3:389


Someone has some idea????

With best regards,

Fabiano

Follow-Ups:
- Re: SuSE eMail Server 3.1 + LDAP slave replication problem
  - From: Ralf Haferkamp <rhafer@suse.de>

Prev by Date: Slow bind on Intel PC with dual NICs
Next by Date: Re: SuSE eMail Server 3.1 + LDAP slave replication problem
Index(es):
- Chronological
- Thread