7 Mar
2008
7 Mar
'08
12:57 p.m.
On Fri, 7 Mar 2008, Ralph RöÃ~_ner wrote:
Otherwise it is not. It appears that the replication filter is evaluated using the access rights of the user making the modification, not those of the replication user.
IIRC, the syncrepl client should connect to the provider, bind as the identity configured on the syncrepl client, then perform a search with the filter configured on the syncrepl client.
As such, the "user making the modification" should never enter into the algorithm. You should be able to verify this with "slapd -d access" on the provider. Give it a try and see if it looks sane, i.e. you should only see references to the identity configured on the syncrepl client in the course of a syncrepl connection.