Hello,
Not sure it's the best practice, but here's the ACL I set on my provider to
allow replication on the consumer, with cn=repuser,ou=dsa,dc=mydomain,dc=fr as the
replication user DN:
# cat olcRepConfigAccess.ldif
# Database number (3) and type (mdb) might be different on your instance.
dn: olcDatabase={3}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.base="dc=mydomain,dc=fr" by * read
olcAccess: {3}to dn.subtree="dc=mydomain,dc=fr" by dn.exact="cn=repuser,ou=dsa,dc=mydomain,dc=fr" read by * break
olcAccess: {4}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn.exact="cn=repuser,ou=dsa,dc=mydomain,dc=fr" read by * none
olcAccess: {5}to * by self read by * none
Then I applied it this way:
ldapmodify -Y EXTERNAL -H ldapi:/// -f ./olcRepConfigAccess.ldif
Hope it helps.
----- Original Message -----
From: [email protected]
To: "openldap-technical" <[email protected]>
Sent: Tuesday 2 June 2020 18:00:46
Subject: Re: userPassword is not replicated
What should I change in my master/slave configuration in terms of ACL prior to
replicating the userPassword attribute from provider to consumer?
Please help me,
Razvan
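The following is an added illustration, not code from either poster: a small Python model of how slapd walks the olcAccess rules above, following the evaluation order described in slapd.access(5) (first matching "to" clause, then first matching "by" clause, with "break" moving on to the next "to" clause). It transcribes the ACL from the reply, with the replication DN, root peercred DN and suffix taken from the mail; the entries uid=alice and uid=bob are constructed for the demonstration. Privilege accumulation and the "continue" control are deliberately left out, so treat it as a reading aid, not as slapd's own logic.

```python
# Added example (not from this thread): a simplified model of how slapd
# evaluates olcAccess rules, following slapd.access(5): the first "to" clause
# whose target matches the entry/attribute is selected, then its "by" clauses
# are checked in order; the first matching "by" decides, unless its control is
# "break", which moves on to the next "to" clause. Privilege accumulation and
# "continue" are not modelled. Use slapacl(8) against the real server for proof.
from dataclasses import dataclass, field

# Privilege levels, lowest to highest, as in slapd.access(5).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


@dataclass
class By:
    who: str                 # "*", "self", "anonymous", "users" or 'dn.exact=<dn>'
    level: str               # one of LEVELS
    control: str = "stop"    # "stop" (default) or "break"


@dataclass
class To:
    target: str = "*"        # "*", 'dn.base="<dn>"' or 'dn.subtree="<dn>"'
    attrs: tuple = ()        # attribute names the clause is limited to; () = any
    by: list = field(default_factory=list)


def target_matches(clause, entry_dn, attr):
    """Does this 'to' clause apply to <attr> of the entry <entry_dn>?"""
    if clause.attrs and attr.lower() not in {a.lower() for a in clause.attrs}:
        return False
    if clause.target == "*":
        return True
    kind, _, value = clause.target.partition("=")
    value, entry = value.strip('"').lower(), entry_dn.lower()
    if kind == "dn.base":
        return entry == value
    if kind == "dn.subtree":
        return entry == value or entry.endswith("," + value)
    raise ValueError(f"unsupported target: {clause.target}")


def who_matches(by, bind_dn, entry_dn):
    """Does this 'by' clause apply to the bound identity (None = anonymous)?"""
    if by.who == "*":
        return True
    if by.who == "anonymous":
        return bind_dn is None
    if by.who == "users":
        return bind_dn is not None
    if by.who == "self":
        return bind_dn is not None and bind_dn.lower() == entry_dn.lower()
    if by.who.startswith("dn.exact="):
        wanted = by.who[len("dn.exact="):].strip('"').lower()
        return bind_dn is not None and bind_dn.lower() == wanted
    raise ValueError(f"unsupported who: {by.who}")


def granted(acl, bind_dn, entry_dn, attr, wanted):
    """True if bind_dn gets at least <wanted> access to <attr> of <entry_dn>."""
    for clause in acl:
        if not target_matches(clause, entry_dn, attr):
            continue
        for by in clause.by:
            if who_matches(by, bind_dn, entry_dn):
                if by.control == "break":
                    break            # leave this clause, try the next "to"
                return LEVELS.index(by.level) >= LEVELS.index(wanted)
        else:
            return False             # no "by" matched: implicit "by * none"
    return False                     # no "to" matched: access denied


# The ACL from the mail above, transcribed into the model. The mail's
# "by * break" carries no level; "none" is a placeholder that break never uses.
SUFFIX = "dc=mydomain,dc=fr"
REPUSER = "cn=repuser,ou=dsa,dc=mydomain,dc=fr"
ROOT = "gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
ACL = [
    To("*", (), [By(f"dn.exact={ROOT}", "manage"), By("*", "none", "break")]),
    To('dn.base=""', (), [By("*", "read")]),
    To(f'dn.base="{SUFFIX}"', (), [By("*", "read")]),
    To(f'dn.subtree="{SUFFIX}"', (),
       [By(f'dn.exact="{REPUSER}"', "read"), By("*", "none", "break")]),
    To("*", ("userPassword", "shadowLastChange"),
       [By("self", "write"), By("anonymous", "auth"),
        By(f'dn.exact="{REPUSER}"', "read"), By("*", "none")]),
    To("*", (), [By("self", "read"), By("*", "none")]),
]

# Constructed sample entries, not from the thread.
ALICE = "uid=alice,ou=people,dc=mydomain,dc=fr"
BOB = "uid=bob,ou=people,dc=mydomain,dc=fr"

if __name__ == "__main__":
    checks = [
        ("replication user reads userPassword", REPUSER, ALICE, "userPassword", "read"),
        ("user writes own userPassword", ALICE, ALICE, "userPassword", "write"),
        ("anonymous binds (auth) with userPassword", None, ALICE, "userPassword", "auth"),
        ("anonymous reads userPassword", None, ALICE, "userPassword", "read"),
        ("other user reads alice's userPassword", BOB, ALICE, "userPassword", "read"),
    ]
    for label, who, entry, attr, level in checks:
        verdict = "ALLOW" if granted(ACL, who, entry, attr, level) else "DENY"
        print(f"{label:45s}: {verdict}")
```

Running it shows why the rule set works for replication: the replication DN already reaches userPassword through clause {3} (read on the whole subtree) before clause {4} is ever consulted, while anonymous binds get only auth on the password and any other user gets nothing. On a real server the authoritative check is slapacl(8), for instance `slapacl -F /etc/ldap/slapd.d -D "cn=repuser,ou=dsa,dc=mydomain,dc=fr" -b "<some entry DN>" userPassword/read`.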