[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SyncRepl - no write access

To: Turbo Fredriksson <turbo@bayour.com>
Subject: Re: SyncRepl - no write access
From: "Matthew J. Smith" <matt.smith@uconn.edu>
Date: Fri, 07 Jan 2005 09:41:17 -0500
Cc: openldap-software@OpenLDAP.org
In-reply-to: <87y8f5fhvu.fsf@pumba.bayour.com>
Organization: University of Connecticut ITS
References: <87wtuqh06e.fsf@pumba.bayour.com> <50E6DE2D054354F4FBBD898D@cadabra-dsl.stanford.edu> <87y8f5fhvu.fsf@pumba.bayour.com>

Turbo-
  I believe I ran into this same problem a while ago, in 2.2.15.  I had
to remove the sasl_ssf requirement for my syncrepl updateDN.  Since the
update happens local (ie, the provider is not pushing from outside, but
rather syncrepl is simply changing contect to the updateDN with no
authentication, or something like that), there is no kerberos
authenticaion happening, therefore sasl_ssf!=56.

-Matt
> access to * by group.base="cn=Replicators,ou=LDAP,ou=System,o=Bayour.COM,c=SE" sasl_ssf=56 write
>             by dn.exact="cn=ldap/provider,ou=LDAP,ou=System,o=Bayour.COM,c=SE" sasl_ssf=56 write
>             by aci write

-- 
Matthew J. Smith <matt.smith@uconn.edu>
University of Connecticut ITS
PGP Key: http://web.uconn.edu/dotmatt/matt.asc

Attachment: signature.asc
Description: This is a digitally signed message part

Follow-Ups:
- Re: SyncRepl - no write access
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: SyncRepl - no write access
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- SyncRepl - no write access
  - From: Turbo Fredriksson <turbo@bayour.com>
- Re: SyncRepl - no write access
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: SyncRepl - no write access
  - From: Turbo Fredriksson <turbo@bayour.com>

Prev by Date: Re: SyncRepl - no write access
Next by Date: Best way to check integrity of slave content?
Index(es):
- Chronological
- Thread