[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: top-level data entries not replicating, 2.4.15, now 2.4.17
--On Friday, August 21, 2009 8:52 AM -0700 Brian Neu
<proclivity76@yahoo.com> wrote:
I really only created the test2 record to find out why the
sambaDomainName=SRG,dc=srg,dc=com
record wasn't replicating.
This entry won't replicate either, even with a cn attribute . . .
dn:cn=test3,dc=srg,dc=com
objectclass: top
objectclass: person
userpassword:blah
sn:test3
cn:test3
Please don't top post.
Your config is a little... odd. You have per-db access rules, and yet you
break them like you expect more:
database hdb
suffix "cn=accesslog"
...
access to *
by dn.base="cn=replicator,dc=srg,dc=com" read
by * break
Not that this hurts anything, but it is a weird read.
Also, I don't see *any* access rules on the main DB. You have:
database hdb
suffix "dc=srg,dc=com"
....
database monitor
access to *
by dn.exact="cn=Manager,dc=srg,dc=com" write
by dn.exact="uid=root,ou=People,dc=srg,dc=com" write
by dn.base="cn=replicator,dc=srg,dc=com" read
by * break
Which means you just gave a lot of access to the *monitor* database but not
your *primary* database. I suggest go re-read the slapd.access(5) man
page. If you want global ACLs, they need to come before any "database xyz"
line. If you want per-db ACLs, which I think is what you're trying to do,
then you need to do them *per-db*. Not the odd acl in accesslog, none in
your main db, and some for your monitor database.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration