RE: Syncrepl and mmr

["Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu>]

Thanks Quanah...

Now, I'm going to ask this...

My current ACL is:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to * by * read

Supposed this allows the user to modify their userPassword and (in so doing) modifying the shadowLastChange, allows anonymous to authenticate against these entries and allows others to read these entries

Am I reading that correctly...or at least close?

To give my syncrepl user (ldapadmin) access, my new ACL would another olcAccess:

olcAccess:{2}to * by cn=ldapdmin manage

Is that correct?

Thanks in advance.  

John Borresen

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com] 
Sent: Thursday, January 30, 2014 2:58 PM
To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org
Subject: Re: Syncrepl and mmr

--On Thursday, January 30, 2014 7:51 AM -0500 "Borresen, John - 0442 - MITLL" <John.Borresen@ll.mit.edu> wrote:

> For some reason the original never made it.  Not sure why.
> ________________________________________
> From: Borresen, John - 0442 - MITLL
> Sent: Wednesday, January 29, 2014 4:41 PM
> To: openldap-technical@openldap.org
> Subject: Syncrepl -- MMR
>
> All,
>
> Troubleshooting some issues, not to mention to verify that Syncrepl 
> are working as they should, following setting up a 2-way multi-master 
> in our test environment.
>
>
> 1)      I noticed that the "userPassword" attributes have all
> disappeared?!


> olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by 
> anonymou s auth by * none

Obviously this ACL allows no access to the userPassword or shadowLastChange attributes by your replication user.  Clearly this will result in the behavior you have described.

--Quanah

--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration