Just to let the list know this was my own doing. I had an ACL which denied write access to the pwdPolicySubentry because of the preceding self auth statement.

access to attrs=sambaKickoffTime,shadowExpire,shadowMax,shadowWarning,shadowFlag,sambaAcctFlags,sambaPasswordHistory,shadowLastChange,sambaLMPassword,sambaNTPassword,sambaPwdMustChange,sambaPwdLastSet,mail,pwdAccountLockedTime,pwdPolicySubentry,pwdChangedTime,pwdReset
    by self auth
    by group.base="cn=infrastructure,ou=example,ou=groups,dc=umlott,dc=lott" write
    by dn.base="cn=ldapmgr,ou=Service,dc=umlott,dc=lott" write
    by dn.base="cn=replicator,ou=Service,dc=umlott,dc=lott" write
    by * none break

From: mlstarling31@hotmail.com
To: brooksct@hbcs.org
Subject: RE: pwdPolicySubentry & replication user
Date: Tue, 8 May 2012 17:05:03 -0400
CC: openldap-technical@openldap.org

I also have no issues if I run syncrepl with a provider and consumer. Only mirror mode. Perhaps I'll try downgrading openLDAP.

Thanks.
Mike

Date: Tue, 8 May 2012 16:54:25 -0400
From: brooksct@hbcs.org
To: mlstarling31@hotmail.com
CC: openldap-technical@openldap.org
Subject: RE: pwdPolicySubentry & replication user

I run that version without issues, but my infrastructure is still using good old reliable low-bandwidth slurpd, which is no longer supported.
I don’t think syncrepl is sufficiently reliable yet, although others disagree.
--Charlie
From: Michael Starling [mailto:mlstarling31@hotmail.com]
Re: Take the issue to Redhat
> Date: Tue, 8 May 2012 12:22:58 -0700
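
Added example, not part of the thread and not OpenLDAP code: a simplified Python model of how slapd walks the "by" clauses of the ACL quoted in the first message, showing that an identity matching "by self" stops at auth before any later write clause is reached. The DN normalisation, the group memberships passed in as a list, the uid=jdoe entry and the REORDERED variant are assumptions made for the illustration.

```python
# Added illustration: simplified model of how slapd walks the "by" clauses of
# one "access to" statement. The first <who> that matches decides the level.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BASE = "dc=umlott,dc=lott"
REPLICATOR = "cn=replicator,ou=Service," + BASE
INFRA = "cn=infrastructure,ou=example,ou=groups," + BASE

# (who, value, level, control) for the ACL quoted in the first message, in order.
ACL = [
    ("self", None, "auth", "stop"),
    ("group.base", INFRA, "write", "stop"),
    ("dn.base", "cn=ldapmgr,ou=Service," + BASE, "write", "stop"),
    ("dn.base", REPLICATOR, "write", "stop"),
    ("*", None, "none", "break"),
]
# Constructed variant (not from the thread): same clauses, "self" moved later.
REORDERED = ACL[1:4] + [ACL[0], ACL[4]]

def norm(dn):
    # Assumption: lower-casing and trimming is enough DN normalisation here.
    return ",".join(part.strip().lower() for part in dn.split(","))

def matches(who, value, bound_dn, entry_dn, groups):
    if who == "*":
        return True
    if who == "self":
        return bool(bound_dn) and norm(bound_dn) == norm(entry_dn)
    if who == "dn.base":
        return norm(bound_dn) == norm(value)
    if who == "group.base":  # assumption: memberships are passed in, not looked up
        return norm(value) in {norm(g) for g in groups}
    return False

def evaluate(acl, bound_dn, entry_dn, groups=()):
    """Return (clause index, level, control) of the first matching clause."""
    for index, (who, value, level, control) in enumerate(acl):
        if matches(who, value, bound_dn, entry_dn, groups):
            return index, level, control
    return None, "none", "stop"

def can_write(acl, bound_dn, entry_dn, groups=()):
    return LEVELS.index(evaluate(acl, bound_dn, entry_dn, groups)[1]) >= LEVELS.index("write")

if __name__ == "__main__":
    user = "uid=jdoe,ou=people," + BASE  # constructed sample entry
    for who, target in [(REPLICATOR, user), (REPLICATOR, REPLICATOR), ("", user)]:
        print(who or "(anonymous)", "->", target, evaluate(ACL, who, target))
    print("reordered:", evaluate(REORDERED, REPLICATOR, REPLICATOR))
```

In real slapd a "break" control hands evaluation to the next "access to" statement; the model only reports it.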