[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Syncrepl not replicating entire tree
> Hi,
> Here are the ACLs used by the consumer.
>
> #
> # LDAP slave3 ACLs
> #
> access to attrs=userPassword,ntPassword,lmPassword
> by dn="cn=Replicator,dc=iitb,dc=ac,dc=in" write
> by dn="cn=Manager,dc=iitb,dc=ac,dc=in" write
> by dn.exact="cn=courier,ou=people,dc=iitb,dc=ac,dc=in" read
> by dn.exact="cn=sambaproxy,ou=people,dc=iitb,dc=ac,dc=in" read
> by dn.exact="cn=ftproxy,ou=people,dc=iitb,dc=ac,dc=in" read
> by dn.exact="cn=qmail,ou=People,dc=iitb,dc=ac,dc=in" read
> by anonymous auth
> by * none
>
> access to *
> by dn="cn=Replicator,dc=iitb,dc=ac,dc=in" write
> by dn="cn=Manager,dc=iitb,dc=ac,dc=in" write
> by dn.exact="cn=courier,ou=people,dc=iitb,dc=ac,dc=in" read
> by dn.exact="cn=sambaproxy,ou=people,dc=iitb,dc=ac,dc=in" read
> by dn.exact="cn=ftproxy,ou=people,dc=iitb,dc=ac,dc=in" read
> by dn.exact="cn=qmail,ou=People,dc=iitb,dc=ac,dc=in" read
> by * read
... which can safely reduce to
access to attrs=userPassword,ntPassword,lmPassword
by dn="cn=Replicator,dc=iitb,dc=ac,dc=in" write
by dn="cn=Manager,dc=iitb,dc=ac,dc=in" write
by dn.exact="cn=courier,ou=people,dc=iitb,dc=ac,dc=in" read
by dn.exact="cn=sambaproxy,ou=people,dc=iitb,dc=ac,dc=in" read
by dn.exact="cn=ftproxy,ou=people,dc=iitb,dc=ac,dc=in" read
by dn.exact="cn=qmail,ou=People,dc=iitb,dc=ac,dc=in" read
by anonymous auth
access to *
by dn="cn=Replicator,dc=iitb,dc=ac,dc=in" write
by dn="cn=Manager,dc=iitb,dc=ac,dc=in" write
by * read
OK, now we see that nothing prevents from reading any object, except for
the passwords.
My concern (and my question, which you didn't answer yet) is: can the
replication identity read the missing objects from the producer? This
involves permissions on the producer side.
My other question is: since you counted the DNs in both slapcats, can you
check if any of the entries you cannot see has "glue" objectClass?
Finally: it is not clear, from your earlier messages, if you can see the
missing entries with ldapsearch. Can you?
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497