
Re: ACL problem with replica user



Hi,

jawed abbasi <jabbasi@yahoo.com> writes:

> hello
>
> I have the following set of ACLs on Master and Slave, but my replication DN fails while
> writing to slave
>
> Master ACL :
>
> access to dn=".*,dc=navtechinc,dc=com"
> attr=userPassword,ntPassword,lmPassword,gecos
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
>         by self write
>         by * auth
>
> SLAVE ACL:
>
> access to dn=".*,dc=navtechinc,dc=com"
> attr=userPassword,ntPassword,lmPassword,gecos
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com" write
>         by self write
>         by * read
>         by anonymous none

[...]
As far as I understand access control, it checks the rules and stops
at the first matching rule, that is, if a write request occurs
access control checks for write clauses and stops at the first found
instance, that is "cn-manager,dc=navtechinc,dc=com". You should add a
control function to your clauses, that could be "continue", see man
slapd.access.
Run your slave in debugging mode 128 to watch access control
processing.

-Dieter
-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de
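
Added example (not part of the original message and not OpenLDAP code): a simplified Python model of first-match selection among the "by" clauses of the slave ACL quoted above. It assumes exact DN matching, the default "stop" control on every clause, and a hypothetical target entry uid=jdoe.

```python
# Simplified model of how slapd selects a "by" clause inside one "access to"
# directive (first match wins). Added illustration, not OpenLDAP source code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # subset, ascending

# Constructed from the SLAVE ACL quoted in the message: (who, access level).
SLAVE_ACL = [
    ('dn="cn=Manager,dc=navtechinc,dc=com"', "write"),
    ('dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com"', "write"),
    ("self", "write"),
    ("*", "read"),
    ("anonymous", "none"),
]

def who_matches(who, requester, target):
    """requester is the bound DN, or "" for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester == ""
    if who == "users":
        return requester != ""
    if who == "self":
        return requester != "" and requester.lower() == target.lower()
    if who.startswith('dn="'):  # assumption: exact DN match, no regex handling
        return requester.lower() == who[4:-1].lower()
    return False

def evaluate(acl, requester, target):
    """Return (level, who) of the first matching clause (default control: stop)."""
    for who, level in acl:
        if who_matches(who, requester, target):
            return level, who
    return "none", None  # implicit trailing "by * none"

def allowed(acl, requester, target, wanted):
    """True if the level granted to requester is at least the wanted level."""
    level, _ = evaluate(acl, requester, target)
    return LEVELS.index(level) >= LEVELS.index(wanted)

def unreachable(acl):
    """Clauses listed after "by *" can never be the first match."""
    whos = [who for who, _ in acl]
    return whos[whos.index("*") + 1:] if "*" in whos else []

if __name__ == "__main__":
    target = "uid=jdoe,ou=users,dc=navtechinc,dc=com"  # hypothetical entry
    for who in ("uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com", target, ""):
        print(repr(who), evaluate(SLAVE_ACL, who, target))
    print("never reached:", unreachable(SLAVE_ACL))
```

The model's result for a given bind DN can be compared with the trace slapd prints at debug level 128 on the real server.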