Re: syncrepl not propagating changes
On 22/08/2012 12:00, Rein Tollevik wrote:
> On 22.08.12 10:46, Mark Coetser wrote:
>> On 22/08/2012 10:39, Howard Chu wrote:
>>> Mark Coetser wrote:
>>>> on some of the consumers, I have multiple syncrepl configs so that I
>>>> replicate specific subdivision data to those servers.
>>>
>>> That is not supported. You can only use multiple consumers in the same
>>> database if they are all pointing at different providers (and each of
>>> those providers uses a unique serverID).
>>
>> Can I split them into separate databases on the consumer? Or what's the
>> correct way of doing what I am trying to achieve?
>
> Use a single syncrepl stanza on these consumers too, replicating your
> toplevel cn=company dn. Add ACLs on the provider which limit the user
> these consumers bind as to only see those sub-trees you wish them to see.
>
> Rein

Hi

Please could someone confirm that these ACLs would be secure? I am
trying to allow services like pam/nss on the provider to still function
and have access to the entire tree, then allow the replica user from the
consumer to see the base of the tree and the whole of the subdivision
tree, including userPassword and shadowLastChange. Also, could someone
assist with an example of a regex ACL that I could use to say that
"cn=replica,*" has read access to everything in that user's subtree?

access to attrs=userPassword,shadowLastChange
    by dn.base="cn=admin,dc=company" write
    by dn.base="cn=replica,dc=subdivision,dc=company" read
    by anonymous auth
    by self write
    by * none

access to dn.base=""
    by peername.regex=127\.0\.0\.1 read
    by * none

access to dn.base="dc=company"
    by dn.base="cn=replica,dc=subdivision,dc=company" read

access to dn.subtree="dc=subdivision,dc=company"
    by dn.base="cn=replica,dc=subdivision,dc=company" read

access to *
    by dn.base="cn=admin,dc=company" write
    by peername.regex=127\.0\.0\.1 read
    by * none

--
Thank you,
Mark Adrian Coetser
mark@pkfnet.co.za
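
An added example, not part of the original message or of OpenLDAP: a small Python model of slapd's documented ACL evaluation (the first matching `access to` clause is used, then the first matching `by`, with an implicit `by * none` closing every list), applied to the rules posted above. The helper names, the sample clients and entries, and the assumption that pam/nss binds anonymously from 127.0.0.1 are constructed for illustration; the rootdn bypass is not modelled.

```python
import re

PW = {"userPassword", "shadowLastChange"}
REPLICA = "cn=replica,dc=subdivision,dc=company"
ADMIN = "cn=admin,dc=company"

def base(b):      # dn.base="..."
    return lambda dn: dn == b

def subtree(b):   # dn.subtree="..."
    return lambda dn: dn == b or dn.endswith("," + b)

def any_dn(dn):   # "access to *" or a rule with no DN scope
    return True

def is_dn(d):     # by dn.base="..."
    return lambda c, target: c["dn"] == d

def local(c, target):      # by peername.regex=127\.0\.0\.1
    return re.search(r"127\.0\.0\.1", c["peer"]) is not None

def anonymous(c, target):  # by anonymous
    return c["dn"] == ""

def is_self(c, target):    # by self
    return c["dn"] != "" and c["dn"] == target

# The posted rules, in order: (target test, attrs or None for all, who list)
ACL = [
    (any_dn, PW, [(is_dn(ADMIN), "write"), (is_dn(REPLICA), "read"),
                  (anonymous, "auth"), (is_self, "write")]),
    (base(""), None, [(local, "read")]),
    (base("dc=company"), None, [(is_dn(REPLICA), "read")]),
    (subtree("dc=subdivision,dc=company"), None, [(is_dn(REPLICA), "read")]),
    (any_dn, None, [(is_dn(ADMIN), "write"), (local, "read")]),
]

def access(client, target, attr):
    """Level granted: first matching <what>, then first matching <who>."""
    for what, attrs, who_list in ACL:
        if what(target) and (attrs is None or attr in attrs):
            for who, level in who_list:
                if who(client, target):
                    return level
            return "none"  # every who list ends with an implicit "by * none"
    return "none"

# Constructed sample clients and entries (assumptions, not from the thread)
NSS = {"dn": "", "peer": "IP=127.0.0.1:50000"}         # pam/nss on the provider
SYNC = {"dn": REPLICA, "peer": "IP=192.0.2.10:41000"}  # consumer's bind identity
BOB = "uid=bob,dc=subdivision,dc=company"
ALICE = "uid=alice,dc=other,dc=company"
```

In this model `access(NSS, BOB, "uid")` and `access(NSS, "dc=company", "dc")` both return `"none"`, because the two replica-only clauses match before `access to *` is reached, and `access(SYNC, ALICE, "userPassword")` returns `"read"` because the first rule has no DN scope (the replica is still refused `entry` on that DN by the last rule).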