
Re: SyncRepl - no write access





--On Friday, January 07, 2005 12:38 AM +0100 Turbo Fredriksson <turbo@bayour.com> wrote:

# Syncrepl Provider
overlay syncprov

Eh? Where is this specified/documented!? Is this a 2.3 thing? I'm still on 2.2.20.

Yes, syncrepl has been re-written as an overlay in 2.3. ;)

access to *
        by group.base="cn=ldapReplica,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 read

All replicas are members of the "ldapReplica" group:

Any specific reason why you have one object per server? Why isn't ONE enough?

Yes, I don't want *any* server in my world to be able to replicate from a given master. So I specifically define which servers belong to a particular master (I have 3 masters, dev, test, and prod, and 15 replicas, 3 for dev, 3 for test, and 9 for prod). Just to cover myself in case I type the wrong thing at some point. ;)


 binddn="cn=ldap-dev1,cn=ldap,cn=operational,dc=stanford,dc=edu"
 authcId=ldap/ldap-dev1.stanford.edu@stanford.edu

Oki, explains your sasl-regexp. Nice solution! I'll try this...

:)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin