Hello Quanah,
> Your domain ACLs should be contained within the domain database
> section, not in the global configuration section.
>
Within: dn: olcDatabase={1}mdb,cn=config ?
Changed this.
> This second syncprov overlay needs to be removed. It should only
> occur once.
>
Removed the second syncprov section. Was already under the impression
that I had a duplicate declaration, but wasn't sure. Thanks for
confirming this for me.
>
>> dn: olcDatabase={1}bdb,cn=config
>
> back-bdb is deprecated and should not be used. back-mdb should be
> used instead.
>
Changed it to: dn: olcDatabase={1}mdb,cn=config
>
>> Something else I see, when I use jxplorer to look at the content of a
>> server using the cn=config credentials I would expect to see all values
>> including the empty values. On a server without olcAccess lines I see
>> this, but when there are olcAccess lines I only see the configured
>> values. All unset values are not visible.
>
> I have no idea what this statement means. All values of what? What's
> an empty/unset value mean?
>
Ok, let me give you a quick example:
Normally I would expect to see something like this for all my tables in
my cn=config tree:
But when I had the olcAccess lines in the frontend tree I didn't see all
the entries in the bottom.
I could only see the entries with a value.
> Finally, with OpenLDAP 2.4, YMMV with cn=config replication as there
> are missing rules necessary for it to work correctly. This has been
> fixed for OpenLDAP 2.5. Unless you really need to replicate
> cn=config, I advise against it.
Ok, but the 2.5 tree is currently a development tree as far as I can see
and nothing close to production ready. Or am I missing something there?
My cn=config Syncrepl is still not working, which probably means I have
to drop that requirement for now.
Jan Hugo Prins
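
The three configuration points raised in this thread (ACLs placed outside the domain database, more than one syncprov overlay on a database, and a back-bdb database) can be checked mechanically against a cn=config LDIF export. The script below is an added example, not part of the original message and not OpenLDAP project code; the sample LDIF, the function names and the finding labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample cn=config export (not from the thread) showing all three issues.
SAMPLE_LDIF = """\
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcFrontendConfig
olcAccess: {0}to dn.subtree="dc=example,dc=com" by * read

dn: olcDatabase={1}bdb,cn=config
objectClass: olcBdbConfig
olcSuffix: dc=example,dc=com

dn: olcOverlay={0}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcSyncProvConfig

dn: olcOverlay={1}syncprov,olcDatabase={1}bdb,cn=config
objectClass: olcSyncProvConfig
"""

def parse_entries(ldif):
    """Return [(dn, [(attr, value), ...])]; unfolds LDIF continuation lines."""
    text = re.sub(r"\n ", "", ldif)  # a folded line continues after newline + space
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = [l.split(":", 1) for l in block.splitlines() if ":" in l and not l.startswith("#")]
        pairs = [(a.strip(), v.strip()) for a, v in pairs]
        if pairs and pairs[0][0].lower() == "dn":
            entries.append((pairs[0][1], pairs[1:]))
    return entries

def lint(ldif):
    """Return (label, dn) findings for the three points discussed in the thread."""
    findings, syncprov = [], Counter()
    for dn, attrs in parse_entries(ldif):
        low = dn.lower()
        has_acl = any(a.lower() == "olcaccess" for a, _ in attrs)
        if re.match(r"olcdatabase=(\{-?\d+\})?bdb,cn=config$", low):
            findings.append(("deprecated-bdb", dn))  # back-bdb database entry
        if has_acl and low in ("cn=config", "olcdatabase={-1}frontend,cn=config"):
            findings.append(("acl-outside-domain-db", dn))  # ACL in global/frontend section
        m = re.match(r"olcoverlay=(\{\d+\})?syncprov,(olcdatabase=.+)$", low)
        if m:
            syncprov[m.group(2)] += 1  # count syncprov overlays per parent database
    findings += [("duplicate-syncprov", db) for db, n in syncprov.items() if n > 1]
    return findings

if __name__ == "__main__":
    for label, dn in lint(SAMPLE_LDIF):
        print(f"{label}: {dn}")
```

The frontend check follows the advice given in this thread; flag it for review rather than treating every frontend olcAccess line as an error.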