Re: slurp, master & slave issues

[Jason Lixfeld <jason+lists.openldap@lixfeld.ca>]

On 28-Oct-04, at 11:56 AM, Pierangelo Masarati wrote:

> > > 2) add rules that allow "cn=Replicator,dc=example,dc=com" to write
> > > anything, like
> >
> > I thought about this, but I actually had no rules in place to begin
> > with while testing.  Does the lack of rules mean an implicit deny to
> > everything from anyone except the rootdn or does the lack of rules
> > imply permit to everything from anyone?
>
> As stated in the default slapd.conf provided in the tar ball:
>
> quote:
>     # if no access controls are present, the default policy
>     # allows anyone and everyone to read anything but restricts
>     # updates to rootdn.  (e.g., "access to * by * read")
>     #
>     # rootdn can always read and write EVERYTHING!
>
> I just copied these lines verbatim in slapd.conf(5) and 
> slapd.access(5).

Ok, I feel stupid.

> > > # first rule ever: in case identity doesn't match
> > > "cn=Replicator,dc=example,dc=com",
> > > # control is passed to following rules, without giving any access
> > > permissions.
> > > access to *
> > >    by dn.exact="cn=Replicator,dc=example,dc=com" write
> > >    by * none break
> > >
> > > # other access rules...
>
>
> You may start with the above, and play with slapd.access(5) to work out
> what you need.  Make sure you first read the related bits in the
> Administrator's Guide.
>
> p.
>
> --
> Pierangelo Masarati
> mailto:pierangelo.masarati@sys-net.it
>
>
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: 
> +390382476497