Hi List,
I'm attempting to set up replication of schema, olcAccess and olcLimits.
It appears replicating the schema works, but the olcAccess and
olcLimits do not appear to replicate under olcDatabase={2}bdb,cn=config.
(Additionally the DIT under dc=une,dc=edu,dc=au is also replicated
without issue).
The syncprov overlay is in place:
root@ldap-master-dev [DEV] ~/ldap-config/# ldapsearch -Y EXTERNAL -H
ldapi:// -LL -b olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
The SyncUser has access to read the cn=schema,cn=config and
olcDatabase={2}bdb,cn=config branches:
root@ldap-master-dev [DEV] ~/ldap-config/# ldapsearch -Y EXTERNAL -H
ldapi:// -LL -b olcDatabase={0}config,cn=config olcAccess
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to dn.subtree="cn=schema,cn=config" by
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by dn="cn=SyncUser,dc=une,dc=edu,dc=au" read by * none
olcAccess: {1}to dn.subtree="olcDatabase={2}bdb,cn=config" by
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by dn="cn=SyncUser,dc=une,dc=edu,dc=au" read by * none
olcAccess: {2}to * by
dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by * none
dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
On the consumer side, I've added the following two olcSyncRepl entries
to the olcDatabase={2}bdb,cn=config:
root@ldap-slave-dev-00 [DEV] ~/ldap-slave-config/# ldapsearch -Y
EXTERNAL -H ldapi:/// -LL -b olcDatabase={0}config,cn=config olcSyncRepl
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1
dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001
provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple
binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD"
searchbase="cn=schema,cn=config"
type=refreshAndPersistinterval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=003
provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple
binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD"
searchbase="olcDatabase={2}bdb,cn=config"
attrs="olcDbIndex,olcDbConfig,olcAccess,olcLimits"
type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1
I don't follow why this doesn't work.
Any suggestions?
Thanks
--
Andrew Devenish-Meares
Solutions Analyst
Information Technology
University of New England
Armidale NSW 2351
e: [email protected]
p: 02 6773 4098
w: http://une.edu.au/itd