Re: olcAccess replication - error 80 attributes not within database namespace

[Howard Chu <hyc@symas.com>]

Igor Zinovik wrote:
>    Hello.
>
> I'm trying to replicate access rules and limits for one of my databases, but
> with no success:
> suse:~ # cat olcAccess-syncrepl.ldif
> dn: olcDatabase={1}mdb,cn=config
> changetype: modify
> add: olcSyncrepl
> olcSyncrepl: {1}rid=002
>    provider=ldap://ldap1.local
>    bindmethod=simple
>    binddn="cn=admin,cn=config"
>    credentials="TopSecret"
>    searchbase="olcDatabase={1}mdb,cn=config"
>    attrs="olcAccess,olcLimits"
>    timeout=3
>    network-timeout=0
>    starttls=yes
>    tls_cert="/etc/openldap/ldap.pem"
>    tls_key="/etc/openldap/ldap.key"
>    tls_cacert="/etc/ssl/local-ca.pem"
>    tls_reqcert=demand
>    tls_crlcheck=none
>
>
> suse:~ # ldapmodify -H ldap://ldap2.local -ZZxWD cn=admin,cn=config -f
> olcAccess-syncrepl.ldif
> Enter LDAP Password:
> modifying entry "olcDatabase={1}mdb,cn=config"
> ldap_modify: Other (e.g., implementation specific) error (80)
>          additional info: Base DN "olcAccess,olcLimits" is not within the
> database naming context

> slapd-2.4.33 if it matters.

The error message is a bit garbled (obviously the Base DN is wrong) but the 
error is basically correct. You're trying to replicate the wrong thing from 
the wrong place. Setting a syncrepl consumer on the olcDatabase={1}mdb 
database lets you replicate the *content* of that database. To replicate the 
*configuration* of that database your consumer must be set where that 
configuration is stored.

The configuration is stored in olcDatabase={0}config.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/