Re: Slapd Replication Problem

[Andreas Hasenack <ahasenack@terra.com.br>]

On Wed, Sep 13, 2006 at 01:34:07PM -0400, Brian White wrote:
> >>I tried that, but it semes I may need to add it to _all_ the "access"
> >>lines, since there are separate one that control access to passwords, 
> >>etc.
> >
> >The ordering of ACL's make a difference.  Maybe you can just try to
> >put it near the top?
> 
> I'm afraid if I do, then I'll end up changing the access permissions of 
> those special fields to be the same as the first "catch all" ACL.  I 
> don't have the resources to re-test everything.
> 
> It semes to be working if I add the replication DN to all the ACLs, so I 
> think I'll just stick with that.

You could use the "break" statement. Something like this at the very
top:

access to dn.subtree="dc=example,dc=com"
	by dn="cn=updatedn,dc=example,dc=com" write
	by * break

(I don't remember your DIT or the updatedn name, adjust the above)