Found something more.. I have ou object and description in it. I can modify that description and replicate it as long as administrativeRole is not present. When I add administrativeRole, I got this error when I try to modify or add any attribute:
jvm 1 | [15:21:29] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_54 Cannot add a value which is already present : accessControlSpecificArea jvm 1 | [15:21:29] ERROR [org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl] - ERR_54 Cannot add a value which is already present : accessControlSpecificArea jvm 1 | org.apache.directory.shared.ldap.model.exception.LdapAttributeInUseException: ERR_54 Cannot add a value which is already present : accessControlSpecificArea jvm 1 | at org.apache.directory.server.core.schema.SchemaInterceptor.checkModifyEntry(SchemaInterceptor.java:858) jvm 1 | at org.apache.directory.server.core.schema.SchemaInterceptor.modify(SchemaInterceptor.java:1390) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.hash.PasswordHashingInterceptor.modify(PasswordHashingInterceptor.java:113) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.kerberos.KeyDerivationInterceptor.modify(KeyDerivationInterceptor.java:164) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.exception.ExceptionInterceptor.modify(ExceptionInterceptor.java:298) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.modify(DefaultAuthorizationInterceptor.java:288) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.authz.AciAuthorizationInterceptor.modify(AciAuthorizationInterceptor.java:855) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.referral.ReferralInterceptor.modify(ReferralInterceptor.java:309) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.authn.AuthenticationInterceptor.modify(AuthenticationInterceptor.java:1050) jvm 1 | at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:599) jvm 1 | at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:248) jvm 1 | at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:660) jvm 1 | at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:590) jvm 1 | at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:564) jvm 1 | at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.modify(ReplicationConsumerImpl.java:985) jvm 1 | at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.handleSearchResult(ReplicationConsumerImpl.java:361) jvm 1 | at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.doSyncSearch(ReplicationConsumerImpl.java:618) jvm 1 | at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.startSync(ReplicationConsumerImpl.java:505) jvm 1 | at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:548) jvm 1 | at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660) jvm 1 | at java.lang.Thread.run(Thread.java:722) On 05/11/2012 12:03 PM, Emmanuel Lécharny wrote: > Le 5/11/12 11:12 AM, houmles a écrit : >> Guys i found the problem and don't know how to solve it.. >> DN's which have ACLs on them (administrativerole, accesscontrolsubentry) >> don't replicate attributes even when I grant everything for everyone. >> When i remove ACLs, everything works. >> I tested this on both master and slave clear servers, just added new >> partition, DN and ACL on it. >> I suppose this is not intended. Maybe its bug? > > I wonder if we transfert Operational Attributes. Can you add the > followin values : > ads-replattributes: administrativeRole > ads-replattributes: accessControlSubentry > > >
