Re: ACL problem with replica user

[Greg Matthews <gmatt@nerc.ac.uk>]

It looks like you've only allowed write access to 4 attributes unless
you have another acl rule somewhere, or manager is your rootdn.

G

On Thu, 2003-09-11 at 00:29, jawed abbasi wrote:
> hello 
>  
> I have following set of ACL on Master and Slave , but my replication
> DN fails while writting to slave 
>  
> Master ACL :
> access to dn=".*,dc=navtechinc,dc=com"
> attr=userPassword,ntPassword,lmPassword,gecos
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com"
> write
>         by self write
>         by * auth
> SLAVE ACL:
> access to dn=".*,dc=navtechinc,dc=com"
> attr=userPassword,ntPassword,lmPassword,gecos
>         by dn="cn=Manager,dc=navtechinc,dc=com" write
>         by dn="uid=replica,ou=YkfUsers,ou=users,dc=navtechinc,dc=com"
> write
>         by self write
>         by * read
>         by anonymous none
>  
> This is what  *rej  (rejection )  file  says
>  
> ERROR: Insufficient access
> replica: pcNavYkfSupp1.ykf.navtechinc.com:389
> time: 1062957818.0
> dn: uid=pcnavykfsupp5$,ou=YkfComp,ou=Computers,dc=navtechinc,dc=com
> changetype: add
> objectClass: top
> objectClass: posixAccount
> cn: pcnavykfsupp5$
> uid: pcnavykfsupp5$
> uidNumber: 513
> gidNumber: 553
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
> creatorsName: cn=Manager,dc=navtechinc,dc=com
> createTimestamp: 20030907180331Z
> modifiersName: cn=Manager,dc=navtechinc,dc=com
> modifyTimestamp: 20030907180331Z
>  
> Can anyone guide me what set of ACL will work for me, I have read faq
> and man and few other ACL docs, tried few things , never was
> successful.
>  
> Thanks
> 
> 
> ______________________________________________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software
-- 
Greg Matthews
iTSS Wallingford	01491 692445