Is there a special place to put replication directives in slapd.conf? (i.e. before database definitions) Anyway I'm experiencing a weird problem, when i modify the description field for a user on the master server, logs tell me Jan 8 16:39:18 intraly slapd[21004]: => access_allowed: write access granted by write(=wrscx) Jan 8 16:39:18 intraly slapd[21004]: acl: no-user-mod entryCSN: modify access granted Jan 8 16:39:18 intraly slapd[21004]: acl: no-user-mod modifiersName: modify access granted Jan 8 16:39:18 intraly slapd[21004]: acl: no-user-mod modifyTimestamp: modify access granted Then when I start slurpd, i've got that output : conn=0 op=1 MOD attr=description entryCSN modifiersName modifyTimestamp Jan 8 16:40:30 intraly2 slapd[3052]: send_ldap_result: conn=0 op=1 p=3 Jan 8 16:40:30 intraly2 slapd[3052]: send_ldap_result: err=19 matched="" text="entryCSN: no user modification allowed" and the replication fails... here is my acl, I probably did something wrong in there but i don't know what... access to dn.base="" by * read # [2] access to dn.base="cn=Subschema" by * read # Mots de passe Windows protégés access to attrs=lmPassword,ntPassword by self =w by * none # Mot de passe LDAP protégé access to attrs=userPassword by self =w by anonymous auth by * none # Informations publiques access to dn.subtree="ou=People,dc=lyon,dc=cemagref,dc=fr" attrs=entry,uid,inetOrgPerson by self read break by * read # Attributs en lecture seule même pour l'utilisateur access to dn.subtree="ou=People,dc=lyon,dc=cemagref,dc=fr" attrs=uid,mail,smbHome,Gecos,maildropPlace,profilepath,entry by self read by * break # Attributs en écriture access to dn.subtree="ou=People,dc=lyon,dc=cemagref,dc=fr" attrs=inetOrgPerson,Vacation by self write # Accès par défaut: rien access to * by * none |