[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP end Replication of olcAccess

To: openldap-technical@openldap.org
Subject: Re: OpenLDAP end Replication of olcAccess
From: Francesco Malvezzi <francesco.malvezzi@unimore.it>
Date: Wed, 23 Jul 2014 10:06:59 +0200
In-reply-to: <16A0298C-6899-4F3C-8AF8-16C5CC17C8A2@kontrast.de>
References: <16A0298C-6899-4F3C-8AF8-16C5CC17C8A2@kontrast.de>
Unimore-x-sa-score: -1.2
User-agent: Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

[...]
> 
> Anyone can Helf where my issue is?

pardon, just some general thinkings.

In my opinion it is not possibile to partially replicate a entry, so
either you replicate the whole
dn: olcDatabase={1}hdb,cn=config
or nothing.

In order to replicate acl I would not do that. I would replicate
dn: olcDatabase={-1}frontend,cn=config

I am un-aware of the implication of acl rule overlap between
olcDatabase={-1}frontend and olcDatabase={1}hdb, so I would advise not
to add acl to
olcDatabase={1}hdb
except an explicit "allow-all" rule and do all the access control on
olcDatabase={-1}frontend

I didn't try that by myself so please just accept this as a starting point

ciao,

Francesco

References:
- OpenLDAP end Replication of olcAccess
  - From: Oliver Werner <oliver.werner@kontrast.de>

Prev by Date: Re: bdb_equality_candidates
Next by Date: Re: Incremental backup with LMDB
Index(es):
- Chronological
- Thread