On 25.05.2012 17:56, Konstantin Menshikov wrote:
Hi. I have a replication setup. Full replication of o=company, but the user for replication (uid=replica,ou=users,o=company) is limited by ACL.

Master configuration:

access to dn.subtree="ou=users,o=company" attrs=userPassword
        by anonymous auth

access to dn.base="o=company"
        by dn.exact="uid=replica,ou=users,o=company" read

access to dn.subtree="ou=dev,o=company"
        by dn.exact="uid=replica,ou=users,o=company" read

#######################################################################
# BDB database definitions
#######################################################################
database        hdb
suffix          "o=company"
rootdn          "cn=ldapadm,o=company"
rootpw          password
directory       /var/db/openldap-data/o=company
overlay         syncprov

Slave configuration:

#######################################################################
# BDB database definitions
#######################################################################
database        hdb
suffix          "o=company"
rootdn          "cn=ldapadm,o=company"
rootpw          password
directory       /var/db/openldap-data/o=company
syncrepl rid=001
        provider=ldap://ro1.devel.ldap.company.ru:389
        type=refreshAndPersist
        retry="5 10 300 +"
        searchbase="o=company"
        scope=sub
        schemachecking=off
        starttls=critical
        bindmethod=simple
        tls_reqcert=never
        binddn="uid=replica,ou=users,o=company"
        credentials="password"

Replication works. When I move an object into a subtree forbidden by the ACL, no information about this modification goes to the replica server, e.g. this operation on the master server:

dn: ou=groups2,ou=dev,o=company
changetype: moddn
newrdn: ou=groups2
deleteoldrdn: 1
newsuperior: ou=corp,o=company

This object is not deleted and contextCSN is not updated on the replica.

Is it expected behavior or not?

--
Konstantin Menshikov

Somebody? Anybody?

--
Konstantin Menshikov
