[jira] [Commented] (DIRSERVER-1988) Replication does not copy subentries at BaseDN

Mon, 11 Aug 2014 04:52:31 -0700 

    [ 
https://issues.apache.org/jira/browse/DIRSERVER-1988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14092703#comment-14092703
 ] 

Kiran Ayyagari commented on DIRSERVER-1988:
-------------------------------------------

I couldn't reproduce this.
Here is what I did with two server instances(v2.0.0-M17) M and S both have a 
dc=example,dc=com partition 
configured (no context entry was injected initially)

  1. On M, injected a context entry and added a access control subentry to it. 
  2. Configured S as a slave for master node M
  3. Restarted slave S
  4. S now got the context entry and the subentry from master M



> Replication does not copy subentries at BaseDN
> ----------------------------------------------
>
>                 Key: DIRSERVER-1988
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1988
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.0.0-M16, 2.0.0-M17
>         Environment: CentOS 6
>            Reporter: Ashton Davis
>
> Problem: Setting up replication for a particular partition doesn't copy 
> context entries for the base DN.
> Cause: This is a theory, but I think that because the partition is created 
> and dc=ntent,dc=com exists prior to replication, the replication engine isn't 
> updating it with the correct context entry (administrativeRole), which is a 
> blocker for importing the ACISubEntry (if administrativeRole is not defined 
> on the parent, the server won't allow the ACISubEntry to be created).
> Steps to replicate:
> I have a top-level ACI to control access to an entire partition.  It's 
> applied at the BaseDN
> DN: dc=ntent,dc=com
> administrativeRole: accessControlSpecificArea
> My ACI Subentry lives under the BaseDN
> DN: cn=ntentAuthRequirementsACISubentry,dc=ntent,dc=com
> When I set up replication, I follow these steps:
> 1) Extend schema as required
> 2) Create parition, enable access control
> 3) Restart ApacheDS
> 4) Set up replication and restart ApacheDS
> After a few successful synchronizations, all entries (including context 
> entries) are imported EXCEPT for dc=ntent,dc=com.
> As stated above, I think the ACI subentry itself would be replicated, but 
> it's being blocked from doing so by the server, because administrativeRole is 
> a requirement for an ACI subentry.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to