Hello,

I'd like to manage replicas (read-only) via ACLs. So all replica servers would have the same config:

    olcSyncrepl: rid=001
      provider=ldap://ip:389
      binddn="cn=seruser-test,ou=AppUsers,dc=test,dc=net"
      bindmethod=simple
      credentials=secret
      searchbase="dc=phonesystems,dc=net"
      type=refreshAndPersist
      interval=00:00:00:10
      retry="60 10 300 12 7200 +"

where searchbase is the base entry.

If we want to add a subtree to a replica, we'd only have to add rights to the ACL on the master. Example:

    ...to dn.subtree="ou=customer,ou=suite,dc=test,dc=net"
      by group/groupOfNames/member.exact="cn=ser-test-write,ou=groups,cn=system" write
      by group/groupOfNames/member.exact="cn=ser-test-read,ou=groups,cn=system" read
      by * none

Adding

    to dn.subtree="ou=provider,ou=suite,dc=test,dc=net"
      by group/groupOfNames/member.exact="cn=ser-test-write,ou=groups,cn=system" write
      by group/groupOfNames/member.exact="cn=ser-test-read,ou=groups,cn=system" read
      by * none

would add the subtree "ou=provider,ou=suite,dc=test,dc=net" to the replica. It would be easier to manage replicas.

Is it possible to implement this solution?

Thank you