
Replicating Schema, olcAccess and olcLimits



Hi List,

I'm attempting to set up replication of schema, olcAccess and olcLimits.
It appears replicating the schema works, but the olcAccess and
olcLimits do not appear to replicate under olcDatabase={2}bdb,cn=config.
(Additionally the DIT under dc=une,dc=edu,dc=au is also replicated
without issue).

The syncprov overlay is in place
root@ldap-master-dev [DEV] ~/ldap-config/# ldapsearch -Y EXTERNAL -H 
ldapi:// -LL -b olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov


The SyncUser has access to read the cn=schema,cn=config and 
olcDatabase={2}bdb,cn=config branches:
root@ldap-master-dev [DEV] ~/ldap-config/# ldapsearch -Y EXTERNAL -H 
ldapi:// -LL -b olcDatabase={0}config,cn=config olcAccess
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: olcDatabase={0}config,cn=config
olcAccess: {0}to dn.subtree="cn=schema,cn=config" by 
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage 
by dn="cn=SyncUser,dc=une,dc=edu,dc=au" read by * none
olcAccess: {1}to dn.subtree="olcDatabase={2}bdb,cn=config" by 
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage 
by dn="cn=SyncUser,dc=une,dc=edu,dc=au" read by * none
olcAccess: {2}to *  by 
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage 
  by * none

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config


On the consumer side, I've added the following two olcSyncRepl entries 
to the olcDatabase={2}bdb,cn=config:

root@ldap-slave-dev-00 [DEV] ~/ldap-slave-config/# ldapsearch -Y 
EXTERNAL -H ldapi:/// -LL -b olcDatabase={0}config,cn=config olcSyncRepl
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 
provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple 
binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD" 
searchbase="cn=schema,cn=config" 
type=refreshAndPersistinterval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=003 
provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple 
binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD" 
searchbase="olcDatabase={2}bdb,cn=config" 
attrs="olcDbIndex,olcDbConfig,olcAccess,olcLimits" 
type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1

I don't follow why this doesn't work.

Any suggestions?

Thanks

-- 
Andrew Devenish-Meares
Solutions Analyst
Information Technology
University of New England
Armidale   NSW   2351

e:  adevenis@une.edu.au
p:  02 6773 4098
w: http://une.edu.au/itd
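
Added example, not part of the original post: a small Python check that parses the two olcSyncrepl values exactly as they appear in the message above and reports a `type` value slapd would not recognise, and a simple bind whose password is not protected by enforced TLS. The function names and finding codes are hypothetical, and the `starttls=critical` variant is constructed for comparison.

```python
import shlex

VALID_TYPES = {"refreshonly", "refreshandpersist"}  # sync types per slapd.conf(5)

def parse_syncrepl(value):
    """Split one olcSyncrepl value into {keyword: value}, dropping the {n} prefix."""
    if value.startswith("{"):
        value = value.split("}", 1)[1]
    params = {}
    for token in shlex.split(value):          # honours "quoted values"
        key, sep, val = token.partition("=")
        if not sep:
            raise ValueError(f"token without '=': {token!r}")
        params[key.lower()] = val
    return params

def lint_syncrepl(value):
    """Return a list of (code, message) findings for one olcSyncrepl value."""
    p = parse_syncrepl(value)
    findings = []
    if p.get("type", "").lower() not in VALID_TYPES:
        findings.append(("bad-type", f"type={p.get('type')!r} is not a valid sync type"))
    # TLS is only guaranteed with ldaps:// or starttls=critical;
    # starttls=yes carries on without TLS if the StartTLS request fails.
    enforced = (p.get("provider", "").startswith("ldaps://")
                or p.get("starttls") == "critical")
    if p.get("bindmethod") == "simple" and not enforced:
        findings.append(("cleartext-bind",
                         "simple bind password can cross the network unencrypted"))
    return findings

# Values as they appear in the post (wrapped lines joined with a space).
COMMON = ('provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple '
          'binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD" ')
RID_001 = ('{0}rid=001 ' + COMMON + 'searchbase="cn=schema,cn=config" '
           'type=refreshAndPersistinterval=00:00:00:10 retry="5 5 300 5" timeout=1')
RID_003 = ('{1}rid=003 ' + COMMON + 'searchbase="olcDatabase={2}bdb,cn=config" '
           'attrs="olcDbIndex,olcDbConfig,olcAccess,olcLimits" '
           'type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1')
# Constructed variant (not from the post): same entry with StartTLS enforced.
RID_003_TLS = RID_003 + ' starttls=critical tls_reqcert=demand'

if __name__ == "__main__":
    samples = [("rid=001", RID_001), ("rid=003", RID_003), ("rid=003+TLS", RID_003_TLS)]
    for name, value in samples:
        for code, message in lint_syncrepl(value) or [("ok", "no findings")]:
            print(f"{name}: {code}: {message}")
```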