[Date Prev][Date Next] [Chronological] [Thread] [Top]

Replication error



Hello list,

Is there a special place to put replication directives in slapd.conf? (i.e. before database definitions)

Anyway I'm experiencing a weird problem, when i modify the description field for a user on the master server, logs tell me

Jan  8 16:39:18 intraly slapd[21004]: => access_allowed: write access granted by write(=wrscx)
Jan  8 16:39:18 intraly slapd[21004]: acl: no-user-mod entryCSN: modify access granted
Jan  8 16:39:18 intraly slapd[21004]: acl: no-user-mod modifiersName: modify access granted
Jan  8 16:39:18 intraly slapd[21004]: acl: no-user-mod modifyTimestamp: modify access granted

Then when I start slurpd, i've got that output :

conn=0 op=1 MOD attr=description entryCSN modifiersName modifyTimestamp
Jan  8 16:40:30 intraly2 slapd[3052]: send_ldap_result: conn=0 op=1 p=3
Jan  8 16:40:30 intraly2 slapd[3052]: send_ldap_result: err=19 matched="" text="entryCSN: no user modification allowed"

and the replication fails...

here is my acl, I probably did something wrong in there but i don't know what...

access to dn.base=""
    by * read

# [2]
access to dn.base="cn=Subschema"
    by * read

# Mots de passe Windows protégés
access to attrs=lmPassword,ntPassword
    by self =w
    by * none

# Mot de passe LDAP protégé
access to attrs=userPassword
    by self =w
    by anonymous auth
    by * none

# Informations publiques
access to
        dn.subtree="ou=People,dc=lyon,dc=cemagref,dc=fr"
        attrs=entry,uid,inetOrgPerson
    by self read break
    by * read

# Attributs en lecture seule même pour l'utilisateur
access to
        dn.subtree="ou=People,dc=lyon,dc=cemagref,dc=fr"
        attrs=uid,mail,smbHome,Gecos,maildropPlace,profilepath,entry
    by self read
    by * break

# Attributs en écriture
access to
        dn.subtree="ou=People,dc=lyon,dc=cemagref,dc=fr"
        attrs=inetOrgPerson,Vacation
    by self write

# Accès par défaut: rien
access to *
    by * none