Borresen, John - 0442 - MITLL wrote:
> I'm not trying to implement partial replication.

Missed the smiley?

Your *first* ACL should give read access to the whole tree to the group of
replicas and then pass on all other access checking to the subsequent ACLs
(by * break).

Something like:

limits group="cn=replicas,dc=example,dc=com" time=unlimited size=unlimited

access to dn.subtree="ou=ampua"
  by group="cn=replicas,dc=example,dc=com" read
  by * break

Ciao, Michael.

> -----Original Message-----
> From: Michael Ströder [mailto:michael@stroeder.com]
> Sent: Friday, January 31, 2014 2:15 PM
> To: Quanah Gibson-Mount; Borresen, John - 0442 - MITLL; openldap-technical@openldap.org
> Subject: Re: Syncrepl and mmr
>
> Quanah Gibson-Mount wrote:
>> --On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL"
>> <John.Borresen@ll.mit.edu> wrote:
>>
>>> Thanks, Quanah
>>>
>>> Not sure what you meant by " Well, it may not have been this issue, but
>>> it definite would become an issue then."
>>>
>>> Was what I did a good thing or not? Curious minds want to know. <lol>
>>
>> The lack of read permissions for the replication user would absolutely be an
>> issue at some point. ;)
>
> To put it the other way round:
> It's very hard to implement partial replication correctly. ;-}
>
> Ciao, Michael.
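The ACL ordering described in the message above, shown as an added example that is not part of the original thread: the same replica rule placed after a restrictive rule (commented out) and placed first. The group DN and the ou=ampua subtree are the values from the message; the userPassword and catch-all rules are assumed site rules used only for illustration.

```conf
# Added example in slapd.conf syntax; not taken from the thread.

# Lift search limits for the replica identities so a full refresh is not cut short.
limits group="cn=replicas,dc=example,dc=com" time=unlimited size=unlimited

# --- Weak ordering (commented out) ---
# slapd applies the first access clause whose <what> matches. For userPassword
# that is the rule below, where a replica falls into "by * none" and evaluation
# stops. Consumers then receive entries without userPassword, which is
# unintended partial replication.
#access to attrs=userPassword
#    by self write
#    by anonymous auth
#    by * none
#access to dn.subtree="ou=ampua"
#    by group="cn=replicas,dc=example,dc=com" read
#    by * break

# --- Corrected ordering ---
# 1. Replicas read everything under the subtree. Every other identity hits
#    "by * break" and is evaluated against the clauses that follow.
access to dn.subtree="ou=ampua"
    by group="cn=replicas,dc=example,dc=com" read
    by * break

# 2. Assumed site rule: password values are usable only for bind and self-service.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 3. Assumed site rule: authenticated users may read the rest.
access to *
    by users read
    by * none
```

The group match uses slapd's defaults (objectClass groupOfNames, attribute member), so each replica's bind DN has to be a member of that group entry for the first clause to apply.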