Hi,
... which can safely reduce to
access to attrs=userPassword,ntPassword,lmPassword by dn="cn=Replicator,dc=iitb,dc=ac,dc=in" write by dn="cn=Manager,dc=iitb,dc=ac,dc=in" write by dn.exact="cn=courier,ou=people,dc=iitb,dc=ac,dc=in" read by dn.exact="cn=sambaproxy,ou=people,dc=iitb,dc=ac,dc=in" read by dn.exact="cn=ftproxy,ou=people,dc=iitb,dc=ac,dc=in" read by dn.exact="cn=qmail,ou=People,dc=iitb,dc=ac,dc=in" read by anonymous auth
access to * by dn="cn=Replicator,dc=iitb,dc=ac,dc=in" write by dn="cn=Manager,dc=iitb,dc=ac,dc=in" write by * read
OK, now we see that nothing prevents from reading any object, except for
the passwords.
There is no password set for the missing entries.
My concern (and my question, which you didn't answer yet) is: can theYes, the replication identity can read the missing entries from the producer.
replication identity read the missing objects from the producer? This
involves permissions on the producer side.
# EE, People, iitb.ac.in dn: ou=EE,ou=People,dc=iitb,dc=ac,dc=in ou: EE objectClass: top objectClass: organizationalUnit [\command]
Should I include the bits of ACLs from my Producer ?
My other question is: since you counted the DNs in both slapcats, can youYes, they do. Considering the same ex.: 'dn: ou=EE,ou=People,dc=iitb,dc=ac,dc=in' on my consumer has a "glue" objectClass.
check if any of the entries you cannot see has "glue" objectClass?
But the same entry on the provider does not have a "glue" objectClass. [ldif] dn: ou=EE,ou=People,dc=iitb,dc=ac,dc=in ou: EE objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: 9ea7320a-ec3b-1028-8a25-eb9297806c56 creatorsName: cn=Manager,dc=iitb,dc=ac,dc=in createTimestamp: 20041227101255Z entryCSN: 20041227101255Z#00000a#00#000000 modifiersName: cn=Manager,dc=iitb,dc=ac,dc=in modifyTimestamp: 20041227101255Z [\ldif]
Finally: it is not clear, from your earlier messages, if you can see theNope I cannot see them. In the above case I cannot see "dn: ou=EE,ou=People,dc=iitb,dc=ac,dc=in" but as I said
missing entries with ldapsearch. Can you?
Please let me know if I am missing out something. -- Saket