SuSE eMail Server 3.1 + LDAP slave replication problem
- To: openldap-software@OpenLDAP.org
- Subject: SuSE eMail Server 3.1 + LDAP slave replication problem
- From: Fabiano Felix <felix@getnet.com.br>
- Date: Wed, 16 Oct 2002 11:42:16 -0200
- Organization: SuSE Linux do Brasil - Get Net
- User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.1) Gecko/20020826
Hi all,
I have an SMS 3.1, which is based on OpenLDAP-2.0.11. I created a cn=replica in the directory and put in the necessary ACLs to use it. The master-to-slave replication is OK, but when I try to modify data on the slave server, and it tries to send the information to the master, I receive the following message:
"Insufficient Access"
The following ACLs are defined:
##### ACLs ######
### This ACL is defined only for the data replication
access to *
        by dn="cn=replica,dc=getnet,dc=com,dc=br" write
        by * read

# Private AddressBook
access to dn="ou=addr,uid=(.*),dc=getnet,dc=com,dc=br"
        by dn="uid=$1,dc=getnet,dc=com,dc=br" write
        by * none

# Hide skyrixGreenConfig
access to attr=skyrixGreenConfig
        by self write
        by peername="127\.0\.0\.1" read
        by peername=::1 read

# To let PAM authenticate
access to attr=userpassword
        by self write
        by anonymous auth
        by * none

access to attr=shadowLastChange
        by self write
        by * read

# only the Admin is allowed to change the members of the addressadmins group
access to dn.base="cn=AddressAdmins,o=AddressBook,dc=getnet,dc=com,dc=br"
        by users read
        by * none

# only the members of the AddressAdmins group are allowed to write to the
# Public Address Book
access to dn.subtree="o=AddressBook,dc=getnet,dc=com,dc=br"
        by group="cn=AddressAdmins,o=AddressBook,dc=getnet,dc=com,dc=br" write
        by users read
        by * none

# handle write access to the personal data (system address book)
# - first look at the OpenLDAPaci attribute
# - if that doesn't exist or the user-dn is not in the subject clause,
# give write access to the owner of the entry and read access to anyone else
access to attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,preferredLanguage,entry
        by aci write break
        by self write
        by * read

# if the above break statement is reached add read access for everyone
access to attr=c,cn,telephoneNumber,facsimileTelephoneNumber,pager,title,givenname,sn,l,description,mail,street,postalCode,st,homePhone,ou,initials,mobile,labeledURI,preferredLanguage,entry
        by * +rsc
################
This is the master's configuration for the replication:
### Replication
replica host=192.168.0.193:389
        binddn="cn=replica,dc=getnet,dc=com,dc=br"
        bindmethod=simple credentials=xxxxxx
replogfile /var/log/slurpd/update_log
This is the slave's configuration for the replication:
#### Replication
updatedn "cn=replica,dc=getnet,dc=com,dc=br"
updateref ldap://192.168.0.3:389
Does anyone have any idea?
With best regards,
Fabiano
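
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of the first-match evaluation documented in slapd.access(5), run over three of the ACLs posted above, to show which directive decides a request when "access to *" comes first. The sample DN uid=fabiano,..., the shortened attribute list and the REORDERED list are assumptions made for illustration.

```python
# Simplified model of slapd's first-match ACL evaluation (slapd.access(5)).
# Only the <what>/<who> forms used by three of the posted rules are modelled.
REPLICA = "cn=replica,dc=getnet,dc=com,dc=br"

# (label, attribute set or None for "*", [(who, level), ...]) in file order
POSTED_ORDER = [
    ("access to *", None, [("dn=" + REPLICA, "write"), ("*", "read")]),
    ("access to attr=userpassword", {"userpassword"},
     [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("access to attr=cn,mail,...", {"cn", "mail"},  # shortened attribute list
     [("self", "write"), ("*", "read")]),
]

# Assumption for comparison: the same rules with the catch-all moved last.
REORDERED = POSTED_ORDER[1:] + POSTED_ORDER[:1]

def who_matches(who, bind_dn, entry_dn):
    """Match one <who> clause against the bound DN ("" means anonymous)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn == ""
    if who == "self":
        return bind_dn != "" and bind_dn == entry_dn
    if who.startswith("dn="):
        return bind_dn == who[3:]
    return False

def decide(rules, bind_dn, entry_dn, attr):
    """Return (label of the deciding directive, granted access level)."""
    for label, attrs, clauses in rules:
        if attrs is not None and attr.lower() not in attrs:
            continue                      # <what> does not match, try next
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return label, level       # first matching <who> wins
        return label, "none"              # implicit "by * none" ends the search
    return None, "none"                   # no directive matched at all

if __name__ == "__main__":
    user = "uid=fabiano,dc=getnet,dc=com,dc=br"  # constructed sample DN
    for name, rules in (("posted", POSTED_ORDER), ("reordered", REORDERED)):
        print(name)
        print("  user writes own mail:      ", decide(rules, user, user, "mail"))
        print("  anonymous on userPassword: ", decide(rules, "", user, "userPassword"))
```

In the posted order every request is decided by "access to *", so only cn=replica gets write and the later userpassword rule is never consulted.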