[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: syncrepl with filter question

To: Ralph RÃÃner <roessner@capcom.de>
Subject: Re: syncrepl with filter question
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Fri, 7 Mar 2008 15:57:51 -0500 (EST)
Cc: openldap-software@openldap.org
In-reply-to: <20080307173513.GB17232@capcom.de>
References: <20080307173513.GB17232@capcom.de>

On Fri, 7 Mar 2008, Ralph RÃ¶Ã~_ner wrote:

Otherwise it is not. It appears that the replication filter is evaluated
using the access rights of the user making the modification, not those
of the replication user.

IIRC, the syncrepl client should connect to the provider, bind as the identity configured on the syncrepl client, then perform a search with the filter configured on the syncrepl client.

As such, the "user making the modification" should never enter into the algorithm. You should be able to verify this with "slapd -d access" on the provider. Give it a try and see if it looks sane, i.e. you should only see references to the identity configured on the syncrepl client in the course of a syncrepl connection.

Follow-Ups:
- Re: syncrepl with filter question
  - From: Pierangelo Masarati <ando@sys-net.it>

References:
- syncrepl with filter question
  - From: Ralph RÃÃner <roessner@capcom.de>

Prev by Date: Re: replication problem
Next by Date: Re: syncrepl with filter question
Index(es):
- Chronological
- Thread