I've been using dirsrv for some time now, but have always had issues with the RO access on the consumers. I recently started looking into it again, but I'm still having issues with how to truly restrict write access to them.
Here is my problem: I have a single master with 3 consumers. I can make changes to the master, with those changes replicating down to the consumes with no problems. BUT, I can login to the consumer and make changes to the DB, luckily it doesn't get replicated back up to the master. I have tried a few things; 1: setting nssldapd-readonly to 'on' (which caused major issues on the consumers) in cn=ldbm database,cn=plugins,cn=config; and I've also tried updating the nsds5replicatype to 2, which should set it to a consumer (read-only replica). I'm not sure if there is a way to do it with host specific ACI's but if anyone has any suggestions, I all ears. :) Thanks, and I look forward to any comments you might have. Nick Cappelletti [email protected] -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
