Syncrepl & access control
Hi,
I want to replicate only parts of my LDAP tree. The documentation says that
access controls apply to the replication, so I created an access control
that looks like the following:
Access to * filter=(foo=bar)
    by dn="cn=syncrepluser,dc=foo,dc=bar"
Now I set the attribute foo to a value of bar in all objects I want to
replicate (the search filter on the consumer is objectClass=*). This works
so far, but when I delete an object, it doesn't get deleted on the
consumer.
When I make an access control in the form
Access to dn.sub="cn=a,dc=foo,dc=bar"
    by dn="cn=syncrepluser,dc=foo,dc=bar"
it works correctly.
So my question is: is it possible to get my first idea to work, i.e. is it a bug,
or is it not possible to do things like this?
If not, is there another possibility to get it working?
Note that I have to replicate a lot of objects from different places, so it
is not a possibility to create access rules for all objects. Also it's
necessary that the consumer can only see the objects it should replicate and
no other objects. Any idea?
Gerald
---------------------------------------------------------------------------
Gerald Richter ecos electronic communication services gmbh
IT security solutions * Web applications with Apache/Perl/mod_perl/Embperl
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: richter@ecos.de Voice: +49 6133 939-122
WWW: http://www.ecos.de/ Fax: +49 6133 939-333
---------------------------------------------------------------------------