Replication and acl: moddn operation problem.
- To: openldap-technical@openldap.org
- Subject: Replication and acl: moddn operation problem.
- From: Konstantin Menshikov <kostjnspb@yandex.ru>
- Date: Fri, 25 May 2012 17:56:29 +0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1337954189; bh=X8AgiOgWfjTTZ/PzNMZoLCuqabmg8RW9QndhioYVvPU=; h=From:To:Subject:MIME-Version:Message-Id:Date: Content-Transfer-Encoding:Content-Type; b=bbO7+tihDgTh+n8Gez/ka52aTHW4B2MzOzQ2ESBEONGc0y99wt73HMGm6qzrjIUvW TSkfzJX9yr8ZDGt19ibQmPpurMJL/jBUa5qaL9LvjEKD8xOK8nrf8Zy1+b4POGgGm9 +kHlwIuLLbapHKH31x8pvTQ+MH+H+XQQpdhTo7k4=
Hi.
I have a replication setup.
Full replication of o=company, but the user for replication (uid=replica,ou=users,o=company) is limited by ACL.
Master configuration:
access to dn.subtree="ou=users,o=company" attrs=userPassword
        by anonymous auth
access to dn.base="o=company"
        by dn.exact="uid=replica,ou=users,o=company" read
access to dn.subtree="ou=dev,o=company"
        by dn.exact="uid=replica,ou=users,o=company" read
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "o=company"
rootdn "cn=ldapadm,o=company"
rootpw password
directory /var/db/openldap-data/o=company
overlay syncprov
Slave configuration:
#######################################################################
# BDB database definitions
#######################################################################
database hdb
suffix "o=company"
rootdn "cn=ldapadm,o=company"
rootpw password
directory /var/db/openldap-data/o=company
syncrepl rid=001
        provider=ldap://ro1.devel.ldap.company.ru:389
        type=refreshAndPersist
        retry="5 10 300 +"
        searchbase="o=company"
        scope=sub
        schemachecking=off
        starttls=critical
        bindmethod=simple
        tls_reqcert=never
        binddn="uid=replica,ou=users,o=company"
        credentials="password"
Replication works.
When I move an object into a subtree forbidden by the ACL, no information about this modification goes to the replica server,
e.g. this operation on the master server:
dn: ou=groups2,ou=dev,o=company
changetype: moddn
newrdn: ou=groups2
deleteoldrdn: 1
newsuperior: ou=corp,o=company
This object is not deleted and the contextCSN is not updated on the replica.
Is it expected behavior or not?
--
Konstantin Menshikov
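The question above turns on whether the replication identity can still read the entry at its new DN. The following added example (not from the post and not OpenLDAP code) re-implements the first-match evaluation rules of slapd.access(5) for the small subset of syntax used in the posted configuration (dn.base/dn.subtree/dn.exact, attrs=, anonymous/users/self/*), parses the posted access lines, and reports what uid=replica can read before and after the posted moddn. Assumptions: an entry matched by no clause is treated as denied, DN normalisation is simplified to lowercasing and trimming, and the "corrected" ACL at the end is a constructed candidate to test, not a fix taken from the thread.

```python
"""Offline audit of slapd ACL read coverage for a syncrepl identity.

Constructed example re-implementing slapd.access(5) first-match rules for a
subset of the syntax; not OpenLDAP code. Unmatched entries -> denied (assumption).
"""
import shlex

LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
DEFAULT_UNMATCHED = "none"  # assumption: no clause matched -> no access


def norm(dn):
    """Simplified DN normalisation: lowercase, trim around RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_scope(style, pattern, dn):
    """dn.<style>=<pattern> matching for the styles used on the page."""
    p, d = norm(pattern), norm(dn)
    if style in ("base", "exact"):
        return d == p
    if style == "subtree":
        return d == p or d.endswith("," + p)
    raise ValueError(f"unsupported dn style: {style}")


def parse_acls(text):
    """Parse 'access to <what>' lines and their 'by <who> <access>' lines."""
    acls = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        toks = shlex.split(line)
        if toks[:2] == ["access", "to"]:
            clause = {"dn": None, "attrs": None, "by": []}
            for tok in toks[2:]:
                key, _, val = tok.partition("=")
                if key.startswith("dn."):
                    clause["dn"] = (key[3:], val)
                elif key == "attrs":
                    clause["attrs"] = {a.strip().lower() for a in val.split(",")}
                elif tok != "*":
                    raise ValueError(f"unsupported <what>: {tok}")
            acls.append(clause)
        elif toks[0] == "by" and len(toks) == 3:
            acls[-1]["by"].append((toks[1], toks[2]))  # (<who>, <access level>)
        else:
            raise ValueError(f"cannot parse: {line}")
    return acls


def who_matches(who, bind_dn, target_dn):
    """<who> clause matching; bind_dn is None for an anonymous requester."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and norm(bind_dn) == norm(target_dn)
    key, _, val = who.partition("=")
    if key.startswith("dn."):
        return bind_dn is not None and in_scope(key[3:], val, bind_dn)
    raise ValueError(f"unsupported <who>: {who}")


def effective_access(acls, bind_dn, target_dn, attr="entry"):
    """First clause whose <what> matches decides; first matching <by> wins;
    a matching clause with no matching <by> denies (implicit 'by * none')."""
    for clause in acls:
        if clause["dn"] and not in_scope(clause["dn"][0], clause["dn"][1], target_dn):
            continue
        if clause["attrs"] is not None and attr.lower() not in clause["attrs"]:
            continue
        for who, level in clause["by"]:
            if who_matches(who, bind_dn, target_dn):
                return level
        return "none"
    return DEFAULT_UNMATCHED


def can_read(acls, bind_dn, target_dn):
    return LEVELS.index(effective_access(acls, bind_dn, target_dn)) >= LEVELS.index("read")


def audit_moddn(acls, bind_dn, old_dn, new_dn):
    """Can the identity read the entry at its old DN and at its post-moddn DN?"""
    return {"before": can_read(acls, bind_dn, old_dn), "after": can_read(acls, bind_dn, new_dn)}


# Access lines exactly as posted for the master.
POSTED_ACL = """
access to dn.subtree="ou=users,o=company" attrs=userPassword
        by anonymous auth
access to dn.base="o=company"
        by dn.exact="uid=replica,ou=users,o=company" read
access to dn.subtree="ou=dev,o=company"
        by dn.exact="uid=replica,ou=users,o=company" read
"""
# Constructed candidate: read on the whole replicated suffix for the replica identity.
CORRECTED_ACL = """
access to dn.subtree="ou=users,o=company" attrs=userPassword
        by anonymous auth
access to dn.subtree="o=company"
        by dn.exact="uid=replica,ou=users,o=company" read
"""
REPLICA = "uid=replica,ou=users,o=company"
OLD_DN = "ou=groups2,ou=dev,o=company"
NEW_DN = "ou=groups2,ou=corp,o=company"  # newrdn under newsuperior from the posted moddn

if __name__ == "__main__":
    print("posted ACL   :", audit_moddn(parse_acls(POSTED_ACL), REPLICA, OLD_DN, NEW_DN))
    print("corrected ACL:", audit_moddn(parse_acls(CORRECTED_ACL), REPLICA, OLD_DN, NEW_DN))
```

Under the posted rules the entry is readable by uid=replica at ou=groups2,ou=dev,o=company but not at ou=groups2,ou=corp,o=company, so the provider's ACLs hide the post-move entry from the replication identity; the candidate ACL makes both DNs readable. The same function also shows that `effective_access(acls, REPLICA, "uid=bob,ou=users,o=company", "userPassword")` is `none` under the posted rules, since the only `by` clause on that attribute is `by anonymous auth`; that is a second coverage gap worth reviewing before trusting the replica's content.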