[Date Prev][Date Next] [Chronological] [Thread] [Top]
Re: SyncRepl Chaining

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: SyncRepl Chaining
From: espeake@oreillyauto.com
Date: Fri, 6 Sep 2013 13:46:51 -0500
Cc: openldap-technical@openldap.org
In-reply-to: <1EE1A6F821B05E0A922420DE@[192.168.1.22]>
References: <OF6221F983.DA1F8092-ON86257BCC.004EF16C-86257BCC.00512A01@LocalDomain> <6CA876FB752413CB29E2EA6B@[192.168.1.22]> <OF025EAA37.81DCFA28-ON86257BDE.00508792-86257BDE.00513044@LocalDomain> <C0B20AD5CD5F41CE59386554@[192.168.1.22]> <OF5A07E42A.4C217BE1-ON86257BDE.0055CC85-86257BDE.0055F196@LocalDomain> <2B0E0E65085221BA0FB7BE66@[192.168.1.22]> <OF654A949D.245F7EA3-ON86257BDE.005A7A63-86257BDE.005B103D@LocalDomain> <0E60476DA07A935954D7321C@[192.168.1.22]> <OFB198C1DA.D982C580-ON86257BDE.005C9E55-86257BDE.005CA25B@LocalDomain> <EC203715A4563EB989A9F6B0@[192.168.1.22]> <OF2D376A8F.A82D6F6F-ON86257BDE.005EE463-86257BDE.005F4978@LocalDomain> <1EE1A6F821B05E0A922420DE@[192.168.1.22]>


From:	Quanah Gibson-Mount <quanah@zimbra.com>
To:	espeake@oreillyauto.com
Cc:	openldap-technical@openldap.org
Date:	09/06/2013 12:29 PM
Subject:	Re: SyncRepl Chaining



--On Friday, September 06, 2013 12:21 PM -0500 espeake@oreillyauto.com
wrote:


> add: olcAccess
> olcAccess: {0}to *
>     by dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com" read
>     by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read
>     by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write
>     by dn.base="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write
>     by dn.base="uid=passwordAdmin,ou=System,dc=oreillyauto,dc=com" write
>     break

This should be "by * break" not "break"

You have no ACL granting access to the pseudo-attribute "entry".

I personally have as my last ACL:

olcAccess: {10}to attrs=entry  by dn.children="cn=admins,cn=zimbra" write
by *
  read

--Quanah

--

Quanah Gibson-Mount
Lead Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

Here is the access list from a new slapcat, this is for olcDatabase={1}hdb


olcAccess: {0}to *   by
dn.base="uid=syncrepl,ou=System,dc=oreillyauto,dc=com"
  read   by dn.base="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" read
 by dn.base="uid=ldapAdmin,ou=System,dc=oreillyauto,dc=com" write   by
dn.base
 ="uid=newUserAdmin,ou=System,dc=oreillyauto,dc=com" write   by
dn.base="uid=p
 asswordAdmin,ou=System,dc=oreillyauto,dc=com" write   by * break
olcAccess: {1}to dn.subtree="dc=oreillyauto,dc=com"   by
group/groupOfUniqueNa
 mes/uniqueMember="cn=System
Administrators,ou=Groups,dc=oreillyauto,dc=com" w
 rite   by group/groupOfUniqueNames/uniqueMember="cn=LDAP
Admin,ou=Groups,dc=o
 reillyauto,dc=com" write
olcAccess: {2}to attrs=userPassword   by
group/groupOfUniqueNames/uniqueMember
 ="cn=Authenticate,ou=Groups,dc=oreillyauto,dc=com" write   by anonymous
read
olcAccess: {3}to attrs=uid   by anonymous read   by users read
olcAccess: {4}to attrs=ou,employeeNumber   by users read
olcAccess: {5}to dn.subtree="ou=System,dc=oreillyauto,dc=com"   by
dn.subtree=
 "ou=Users,dc=oreillyauto,dc=com" none   by users read
olcAccess: {6}to dn.children="ou=Groups,dc=oreillyauto,dc=com"   by
dnattr=own
 er write   by dnattr=uniqueMember read   by * none
olcAccess: {7}to dn.children="ou=Users,dc=oreillyauto,dc=com"   by self
read
 by
group/groupOfUniqueNames/uniqueMember="cn=Authenticate,ou=Groups,dc=oreill
 yauto,dc=com" read   by * none
olcAccess: {8}to *   by self read   by users read
olcAccess: {9} to attrs=entry by dn.children="cn=admins" write by * read

and here is the debug.

Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: conn=2777 op=0 BIND
dn="uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" method=128
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (userPassword)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: auth access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [1] attr
userPassword
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: to value by "",
(=0)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=syncrepl,ou=system,dc=oreillyauto,dc=com
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=readonlyuser,ou=system,dc=oreillyauto,dc=com
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=ldapadmin,ou=system,dc=oreillyauto,dc=com
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=newuseradmin,ou=system,dc=oreillyauto,dc=com
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat:
uid=passwordadmin,ou=system,dc=oreillyauto,dc=com
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= check a_dn_pat: *
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: [6] applying +0
(break)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: [6] mask: =0
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => dn: [2]
dc=oreillyauto,dc=com
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [2] matched
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_get: [2] attr
userPassword
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: access to entry
"uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com", attr "userPassword"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => acl_mask: to value by "",
(=0)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_mask: no more <who>
clauses, returning =0 (stop)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => slap_access_allowed: auth
access denied by =0
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: no more
rules
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep  6 13:28:29  slapd[22892]: last message repeated 3 times
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]:     PRESENT
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]:     PRESENT
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"cn=passwordadminpolicy,ou=policies,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]:     EQUALITY
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 5
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]:     EQUALITY
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 5
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= acl_access_allowed: granted
to database root
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]:     PRESENT
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (objectClass)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => test_filter
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]:     PRESENT
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: search
access granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (objectClass)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (uid)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (description)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdPolicySubentry)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (structuralObjectClass)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (entryUUID)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (creatorsName)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= test_filter 6
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => bdb_entry_get: found entry:
"uid=readonlyuser,ou=system,dc=oreillyauto,dc=com"
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entry" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (objectClass)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "objectClass"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (objectClass)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (uid)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "uid" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (description)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "description"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdPolicySubentry)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdPolicySubentry"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (structuralObjectClass)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com"
"structuralObjectClass" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (entryUUID)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "entryUUID" requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (creatorsName)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "creatorsName"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (createTimestamp)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdHistory)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (pwdHistory)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (userPassword)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdChangedTime)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdChangedTime"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdFailureTime)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdFailureTime"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (pwdFailureTime)
Sep  6 13:28:29  slapd[22892]: last message repeated 11 times
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (createTimestamp)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "createTimestamp"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (pwdHistory)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "pwdHistory"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result was
in cache (pwdHistory)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: result not
in cache (userPassword)
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
to "uid=readOnlyUser,ou=System,dc=oreillyauto,dc=com" "userPassword"
requested
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: <= root access granted
Sep  6 13:28:29 tntest-ldap-1 slapd[22892]: => access_allowed: read access
granted by manage(=mwrscxd)

Thank,
Eric
--
This message has been scanned for viruses and dangerous content,
and is believed to be clean.
  Message id: E7DF7600DE2.A1C62




This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
Follow-Ups:
- Re: SyncRepl Chaining
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
References:
- SyncRepl Chaining
  - From: espeake@oreillyauto.com
- Re: SyncRepl Chaining
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: SyncRepl Chaining
  - From: espeake@oreillyauto.com
- Re: SyncRepl Chaining
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: SyncRepl Chaining
  - From: espeake@oreillyauto.com
- Re: SyncRepl Chaining
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: SyncRepl Chaining
  - From: espeake@oreillyauto.com
- Re: SyncRepl Chaining
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
Prev by Date: Re: Antw: Re: Log service time?
Next by Date: Re: SyncRepl Chaining
Index(es):
- Chronological
- Thread