Re: cn=config replication stops after adding olcAccess entries
- To: openldap-technical@openldap.org
- Subject: Re: cn=config replication stops after adding olcAccess entries
- From: Jan Hugo Prins <jhp@jhprins.org>
- Date: Tue, 28 Jan 2020 14:43:46 +0100
- Content-language: en-US
- In-reply-to: <CD434FCACABD0E29159EED94@[192.168.1.144]>
- References: <7a1e7cdd-cfe6-8ab5-f5de-d63a31f3a992@jhprins.org> <CD434FCACABD0E29159EED94@[192.168.1.144]>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.1
Hello Quanah,

> Your domain ACLs should be contained within the domain database section, not
> in the global configuration section.

Within: dn: olcDatabase={1}mdb,cn=config ?
Changed this.

> This second syncprov overlay needs to be removed. It should only occur once.

Removed the second syncprov section. Was already under the
impression that I had a duplicate declaration, but wasn't sure.
Thanks for confirming this for me.

>> dn: olcDatabase={1}bdb,cn=config
>
> back-bdb is deprecated and should not be used. back-mdb should be
> used instead.

Changed it to: dn: olcDatabase={1}mdb,cn=config

>> Something else I see, when I use jxplorer to look at the content of a
>> server using the cn=config credentials I would expect to see all values
>> including the empty values. On a server without olcAccess lines I see
>> this, but when there are olcAccess lines I only see the configured
>> values. All unset values are not visible.
>
> I have no idea what this statement means. All values of what?
> What's an empty/unset value mean?

Ok, let me give you a quick example:
Normally I would expect to see something like this for all my tables
in my cn=config tree:
But when I had the olcAccess lines in the frontend tree I didn't see
all the entries in the bottom.
I could only see the entries with a value.

> Finally, with OpenLDAP 2.4, YMMV with cn=config replication as there are
> missing rules necessary for it to work correctly. This has been fixed for
> OpenLDAP 2.5. Unless you really need to replicate cn=config, I
> advise against it.

Ok, but the 2.5 tree is currently a development tree as far as I can
see and nothing close to production ready. Or am I missing something
there?

My cn=config Syncrepl is still not working, which probably means I
have to drop that requirement for now.

Jan Hugo Prins
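
The three configuration points raised in this exchange (suffix-specific ACLs placed outside the database entry, a second syncprov overlay on one database, and a back-bdb database) can be checked mechanically against a cn=config export. The following is an added example, not code from the thread or from the OpenLDAP project; the function names, finding codes and the sample LDIF are constructed for illustration, and it assumes plain (not base64-encoded) attribute values.

```python
import re
from collections import Counter

# Constructed sample in the style of `slapcat -n0` output (not the poster's configuration).
SAMPLE = """\
dn: olcDatabase={-1}frontend,cn=config
olcDatabase: {-1}frontend
olcAccess: {0}to dn.subtree="dc=example,dc=com" by * read

dn: olcDatabase={1}bdb,cn=config
olcSuffix: dc=example,dc=com

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
olcOverlay: {0}syncprov

dn: olcOverlay={1}syncprov,olcDatabase={1}bdb,cn=config
olcOverlay: {1}syncprov
"""

def parse_entries(ldif):
    """Return [(dn, [(attr, value), ...])], unfolding LDIF continuation lines."""
    text = ldif.replace("\n ", "")  # a folded line continues after newline + one space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [tuple(line.split(": ", 1)) for line in block.splitlines()
                 if ": " in line and not line.startswith("#")]
        if pairs and pairs[0][0].lower() == "dn":
            entries.append((pairs[0][1], pairs[1:]))
    return entries

def lint(ldif):
    """Return sorted (code, dn) findings for the three issues discussed in the thread."""
    findings, syncprov = [], Counter()
    for dn, attrs in parse_entries(ldif):
        low = dn.lower()
        if re.match(r"olcdatabase=\{-?\d+\}bdb,", low):
            findings.append(("deprecated-bdb", dn))
        m = re.match(r"olcoverlay=\{\d+\}syncprov,(.+)", low)
        if m:
            syncprov[m.group(1)] += 1  # count syncprov instances per parent database
        if low in ("cn=config", "olcdatabase={-1}frontend,cn=config"):
            for attr, value in attrs:
                target = value.split(" by ", 1)[0]  # the "to <what>" clause only
                if attr.lower() == "olcaccess" and re.search(r'\bdn(\.\w+)?="[^"]+"', target):
                    findings.append(("acl-outside-database", dn))
                    break
    findings += [("duplicate-syncprov", db) for db, n in syncprov.items() if n > 1]
    return sorted(findings)
```

Calling `lint()` on the text of a cn=config export returns one finding per problem; an empty list means none of the three conditions was found.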