
Re: olcAccess replication - error 80 attributes not within database namespace



Igor Zinovik wrote:
> Hello.
>
> I'm trying to replicate access rules and limits for one of my databases, but
> with no success:
> suse:~ # cat olcAccess-syncrepl.ldif
> dn: olcDatabase={1}mdb,cn=config
> changetype: modify
> add: olcSyncrepl
> olcSyncrepl: {1}rid=002
>    provider=ldap://ldap1.local
>    bindmethod=simple
>    binddn="cn=admin,cn=config"
>    credentials="TopSecret"
>    searchbase="olcDatabase={1}mdb,cn=config"
>    attrs="olcAccess,olcLimits"
>    timeout=3
>    network-timeout=0
>    starttls=yes
>    tls_cert="/etc/openldap/ldap.pem"
>    tls_key="/etc/openldap/ldap.key"
>    tls_cacert="/etc/ssl/local-ca.pem"
>    tls_reqcert=demand
>    tls_crlcheck=none
>
> suse:~ # ldapmodify -H ldap://ldap2.local -ZZxWD cn=admin,cn=config -f olcAccess-syncrepl.ldif
> Enter LDAP Password:
> modifying entry "olcDatabase={1}mdb,cn=config"
> ldap_modify: Other (e.g., implementation specific) error (80)
>          additional info: Base DN "olcAccess,olcLimits" is not within the database naming context
>
> slapd-2.4.33 if it matters.

The error message is a bit garbled (obviously the Base DN is wrong) but the error is basically correct. You're trying to replicate the wrong thing from the wrong place. Setting a syncrepl consumer on the olcDatabase={1}mdb database lets you replicate the *content* of that database. To replicate the *configuration* of that database your consumer must be set where that configuration is stored.

The configuration is stored in olcDatabase={0}config.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
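
Added example, not part of the original thread and not OpenLDAP code: a small Python check, following the reply above, that reads an LDIF change record and flags an olcSyncrepl consumer whose searchbase lies under cn=config while the record targets a database other than olcDatabase={0}config. It also covers the reverse mismatch, which the thread does not discuss; all function names are hypothetical.

```python
import re
import shlex

CONFIG_SUFFIX = "cn=config"
CONFIG_DB = "olcDatabase={0}config,cn=config"

# The change record posted in the thread, trimmed to the keys that matter here.
POSTED = """dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: {1}rid=002
   provider=ldap://ldap1.local
   searchbase="olcDatabase={1}mdb,cn=config"
   attrs="olcAccess,olcLimits"
"""

def unfold(ldif):  # LDIF folding: a line starting with a space continues the previous one
    return re.sub(r"\r?\n ", "", ldif)

def norm(dn):  # simplified DN comparison; assumes no escaped commas in RDN values
    return [rdn.strip().lower() for rdn in dn.split(",")]

def is_under(dn, suffix):
    s = norm(suffix)
    return norm(dn)[-len(s):] == s

def syncrepl_params(value):
    """Split an olcSyncrepl value into key/value pairs (shlex removes the quotes)."""
    params = {}
    for token in shlex.split(value):
        key, _, val = token.partition("=")
        params[re.sub(r"^\{\d+\}", "", key).lower()] = val
    return params

def check(ldif):
    """Return one finding per olcSyncrepl value whose searchbase does not fit its database."""
    findings, dn = [], None
    for line in unfold(ldif).splitlines():
        attr, _, value = (part.strip() for part in line.partition(":"))
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "olcsyncrepl" and dn:
            base = syncrepl_params(value).get("searchbase", "")
            on_config_db = norm(dn) == norm(CONFIG_DB)
            if is_under(base, CONFIG_SUFFIX) and not on_config_db:
                findings.append(f"{dn}: searchbase {base} is under cn=config; consumer belongs on {CONFIG_DB}")
            elif on_config_db and not is_under(base, CONFIG_SUFFIX):
                findings.append(f"{dn}: searchbase {base} is outside {CONFIG_SUFFIX}")
    return findings
```

Running `check(POSTED)` reports the mismatch before the record is sent with ldapmodify; base64-encoded (`olcSyncrepl::`) values are not decoded by this sketch.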