Le 11 oct. 2018 =C3=A0 18:32, Howard Chu hyc@symas.com a =C3=A9crit =
:
=20 goudal@bordeaux-inp.fr wrote:
Full_Name: Fr.d.ric Goudal =20 Solution=20 -remove by hand the dn: uid=3Dfoo,ou=3Dbar,dc=3Dmy,dc=3Ddomain, =
that remove the
glue object
- create by hand the ou=3Dbar,dc=3Dmy,dc=3Ddomain
=20 What IMHO slapd should do :
- either check that it does not add an object before its parent =
objects
=20 No. This behavior is already documented in the Syncrepl specification. =20
- either convert the glue object to the correct object when the real =
creation is
needed.
=20 The slapd consumer already does this when running on a local database. =
It would
require Manage privileges when running through back-ldap. Check your =
back-ldap configuration.
Well=E2=80=A6 I=E2=80=99v read 5 time the documentation on my setup, = never seen the manage privilege mentioned anywhere=E2=80=A6 Even in the example given for the backend configuration the acls don=E2=80= =99t mention this =C2=AB manage =C2=BB privilege :
=46rom page : = https://www.openldap.org/doc/admin24/replication.html#Syncrepl
# Give the replica DN unlimited read access. This ACL may need to be # merged with other ACL statements.
access to * by dn.base=3D"cn=3Dreplicator,dc=3Dsuretecsystems,dc=3Dcom" = write by * break
access to dn.base=3D"" by * read
access to dn.base=3D"cn=3DSubschema" by * read
access to dn.subtree=3D"cn=3DMonitor" by dn.exact=3D"uid=3Dadmin,dc=3Dsuretecsystems,dc=3Dcom" = write by users read by * none
access to * by self write by * read
Wel.. I can accept it=E2=80=99s a documentation bug=E2=80=A6but where is = the correct documentation ?
f.g.
-
frederic.goudal@bordeaux-inp.fr