
Re: unable to query rootdn on slave via external auth



--On Tuesday, July 16, 2013 6:53 PM +0100 Adrian Bridgett <adrian@smop.co.uk> wrote:

> On 16/07/13 18:36, Quanah Gibson-Mount wrote:
>
>> are the olcAccess rules identical between the two?
>>
>> When you bind via ldapi, if you examine the logs at 256, is the search
>> being mapped to the same DN on both master and replicas?
>
> Hi Quanah, yes, the olcAccess is identical (I've even diffed them). I
> forgot to mention the version - it's 2.4.28-1.1ubuntu5, the debug logs
> look like this on the slave:

Ok. I assume you get back valid data when using the rootdn for that DB on the replica?

I would note that this ACL:

olcAccess: {2}to dn.base="" by * read

does not belong in this DB. It belongs in the frontend DB. Here's my olcAccess statements for my frontend DB:

dn: olcDatabase={-1}frontend
olcAccess: {0}to * by dn.children="cn=admins,cn=zimbra" write by * +0 break
olcAccess: {1}to dn.base=""  by * read
olcAccess: {2}to dn.base="cn=subschema"  by * read

--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
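
Added example, not part of the original message or of OpenLDAP: a check over a cn=config LDIF export that reports `olcAccess` rules targeting `dn.base=""` in any database other than `olcDatabase={-1}frontend`, the misplacement pointed out in the reply above. It also covers `dn.base="cn=subschema"`, which goes beyond the message and is included because that rule sits in the frontend listing shown there; the sample LDIF, suffix, and function names are constructed for illustration.

```python
import re

# Constructed sample in the style of a `slapcat -n0` export, trimmed to the
# attributes that matter here. Suffix and DNs are placeholders.
SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
olcAccess: {0}to dn.base="" by * read
olcAccess: {1}to dn.base="cn=subschema" by * read

dn: olcDatabase={1}hdb,cn=config
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword by self write
  by anonymous auth by * none
olcAccess: {1}to * by dn.base="cn=admin,dc=example,dc=com" write
olcAccess: {2}to dn.base="" by * read
"""

# Matches only the <what> clause, so dn.base= inside a "by" clause is ignored.
FRONTEND_TARGET = re.compile(r'\{\d+\}to\s+dn\.base="(|cn=subschema)"(\s|$)', re.I)
FRONTEND_DN = re.compile(r"olcDatabase=\{-1\}frontend", re.I)

def parse_entries(ldif):
    """Yield (dn, [(attr, value), ...]) per entry, unfolding continuation lines."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF folds long lines with newline + one space
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        pairs = [m.groups() for m in
                 (re.match(r"([\w;-]+):\s?(.*)$", line) for line in block.splitlines()) if m]
        dn = next((v for a, v in pairs if a.lower() == "dn"), None)
        if dn:
            yield dn, pairs

def misplaced_frontend_acls(ldif):
    """Return (database dn, rule) for root DSE / subschema ACLs outside the frontend."""
    return [(dn, value)
            for dn, pairs in parse_entries(ldif)
            if not FRONTEND_DN.match(dn)
            for attr, value in pairs
            if attr.lower() == "olcaccess" and FRONTEND_TARGET.match(value)]

if __name__ == "__main__":
    for dn, rule in misplaced_frontend_acls(SAMPLE_LDIF):
        print(f"{dn}: move to olcDatabase={{-1}}frontend -> {rule}")
```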