Turbo- I believe I ran into this same problem a while ago, in 2.2.15. I had to remove the sasl_ssf requirement for my syncrepl updateDN. Since the update happens local (ie, the provider is not pushing from outside, but rather syncrepl is simply changing contect to the updateDN with no authentication, or something like that), there is no kerberos authenticaion happening, therefore sasl_ssf!=56. -Matt > access to * by group.base="cn=Replicators,ou=LDAP,ou=System,o=Bayour.COM,c=SE" sasl_ssf=56 write > by dn.exact="cn=ldap/provider,ou=LDAP,ou=System,o=Bayour.COM,c=SE" sasl_ssf=56 write > by aci write -- Matthew J. Smith <matt.smith@uconn.edu> University of Connecticut ITS PGP Key: http://web.uconn.edu/dotmatt/matt.asc
Attachment:
signature.asc
Description: This is a digitally signed message part