Re: SyncRepl - no write access

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Friday, January 07, 2005 12:38 AM +0100 Turbo Fredriksson 
<turbo@bayour.com> wrote:

> > # Syncrepl Provider
> > overlay syncprov
>
> Eh? Where is this specified/documented!? Is this a 2.3 thing? I'm still
> on 2.2.20.

Yes, syncrepl has been re-written as an overlay in 2.3. ;)

> > access to *
> >         by
> > group.base="cn=ldapReplica,cn=Applications,dc=stanford,dc=edu"
> > sasl_ssf=56 read
> >
> > All replica's are members of the "ldapReplica" group:
>
> Any specific reason why you have one object per server? Why isn't
> ONE enough?

Yes, I don't want *any* server in my world to be able to replicate from a 
given master.  So I specifically define which servers belong to a 
particular master (I have 3 masters, dev, test, and prod, and 15 replica's, 
3 for dev, 3 for test, and 9 for prod).  Just to cover myself in case I 
type the wrong thing at some point. ;)

> >  binddn="cn=ldap-dev1,cn=ldap,cn=operational,dc=stanford,dc=edu"
> >  authcId=ldap/ldap-dev1.stanford.edu@stanford.edu
>
> Oki, explains your sasl-regexp. Nice solution! I'll try this...

:)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

"These censorship operations against schools and libraries are stronger
than ever in the present religio-political climate. They often focus on
fantasy and sf books, which foster that deadly enemy to bigotry and blind
faith, the imagination." -- Ursula K. Le Guin