Hi, my problem is that the slave server is not copying the attr authzTo from the master server.
My slapd.conf includes:

access to attrs=userPassword,authzTo,entry,children
    by dn.exact="cn=replicant,ou=people,dc=the,dc=net" write
    by self read
    by group.base="cn=ldapadmin,ou=people,dc=thebunker,dc=net" read
    by anonymous auth
    by *

and

syncrepl rid=1
    provider=ldap://test.the.net:389/
    type=refreshAndPersist
    interval=00:00:01:00
    searchbase="dc=the,dc=net"
    filter="(objectClass=*)"
    scope=sub
    attrs="*"
    schemachecking=off
    updatedn="cn=replicant,ou=people,dc=the,dc=net"
    bindmethod=sasl
    saslmech=digest-md5
    realm=the.net
    retry=1,5,30,+
    credentials=xxxx
    authcid="replicant"

but it is not copying the attr authzTo from the master server.
The master server's slapd.conf includes:

access to attrs=userPassword,authzTo,entry,children
    by self write
    by group.exact="cn=ldapadmin,ou=people,dc=the,dc=net" write
    by dn.exact="cn=replicant,ou=people,dc=the,dc=net" read
    by anonymous auth
    by *

Any idea how to sort it? Cheers

tomasz wrote:
> Hi, my problem is that the slave server is not copying the attr authzTo from the master server.

You should explicitly request their replication ...

> attrs="*"

... by setting the "attrs" option in "syncrepl" to

attrs="*,authzFrom,authzTo"

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office: +39.02.23998309
Mobile: +39.333.4963172
Email: pierangelo.masarati@sys-net.it
------------------------------------------

Pierangelo Masarati wrote:
> tomasz wrote:
>> Hi, my problem is that the slave server is not copying the attr authzTo from the master server.
> You should explicitly request their replication ...
>> attrs="*"
> ... by setting the "attrs" option in "syncrepl" to
> attrs="*,authzFrom,authzTo"
> Ing. Pierangelo Masarati OpenLDAP Core Team

Cheers, I will try that on Monday.
Thank you.
I thought '*' included everything.... looks like misreading to me... is it clear in docs?

tomasz wrote:
> Pierangelo Masarati wrote:
>> tomasz wrote:
>>> Hi, my problem is that the slave server is not copying the attr authzTo from the master server.
>> You should explicitly request their replication ...
>>> attrs="*"
>> ... by setting the "attrs" option in "syncrepl" to
>> attrs="*,authzFrom,authzTo"
>> Ing. Pierangelo Masarati OpenLDAP Core Team
> Cheers, I will try that on Monday.
> Thank you.
> I thought '*' included everything.... looks like misreading to me... is it clear in docs?

authzTo/authzFrom are operational (USAGE distributedOperation), so they need to be explicitly requested; see RFC 4511 Section 4.5.1.8.

p.

Ing. Pierangelo Masarati
OpenLDAP Core Team

--On Friday, March 30, 2007 8:26 PM +0100 tomasz tomaszd@paraklet.net wrote:
> Pierangelo Masarati wrote:
>> tomasz wrote:
>>> Hi, my problem is that the slave server is not copying the attr authzTo from the master server.
>> You should explicitly request their replication ...
>>> attrs="*"
>> ... by setting the "attrs" option in "syncrepl" to
>> attrs="*,authzFrom,authzTo"
>> Ing. Pierangelo Masarati OpenLDAP Core Team
> Cheers, I will try that on Monday.
> Thank you.
> I thought '*' included everything.... looks like misreading to me... is it clear in docs?

Why are you even setting attrs? Do you want to *not* copy operational attributes? Usually you need to do this for things to work right, period. Note that the default for attrs if it is not specified is "*,+", which is all attributes plus all operational attributes. There is almost never a reason to not just use the default, and plenty of reasons to use it.

--Quanah

--
Quanah Gibson-Mount
Senior Systems Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Quanah Gibson-Mount wrote:
> --On Friday, March 30, 2007 8:26 PM +0100 tomasz tomaszd@paraklet.net wrote:
>> Pierangelo Masarati wrote:
>>> tomasz wrote:
>>>> Hi, my problem is that the slave server is not copying the attr authzTo from the master server.
>>> You should explicitly request their replication ...
>>>> attrs="*"
>>> ... by setting the "attrs" option in "syncrepl" to
>>> attrs="*,authzFrom,authzTo"
>>> Ing. Pierangelo Masarati OpenLDAP Core Team
>> Cheers, I will try that on Monday.
>> Thank you.
>> I thought '*' included everything.... looks like misreading to me... is it clear in docs?
> Why are you even setting attrs? Do you want to *not* copy operational attributes? Usually you need to do this for things to work right, period. Note that the default for attrs if it is not specified is "*,+", which is all attributes plus all operational attributes. There is almost never a reason to not just use the default, and plenty of reasons to use it.
> --Quanah

That's nice and fine ... but doesn't work... I've tried without setting up attrs for syncrepl, tried with attrs="*,+"; attrs="*,authzFrom,authzTo"
Nothing ... still not copied.
Is it OK with schemas?

include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/misc.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/openldap.schema
include /usr/share/sendmail/cf/sendmail.schema

Or should I include something else?

--On Saturday, March 31, 2007 10:21 PM +0100 tomasz tomaszd@paraklet.net wrote:
> Quanah Gibson-Mount wrote:
>> --On Friday, March 30, 2007 8:26 PM +0100 tomasz tomaszd@paraklet.net wrote:
>>> Pierangelo Masarati wrote:
>>>> tomasz wrote:
>>>>> Hi, my problem is that the slave server is not copying the attr authzTo from the master server.
>>>> You should explicitly request their replication ...
>>>>> attrs="*"
>>>> ... by setting the "attrs" option in "syncrepl" to
>>>> attrs="*,authzFrom,authzTo"
>>>> Ing. Pierangelo Masarati OpenLDAP Core Team
>>> Cheers, I will try that on Monday.
>>> Thank you.
>>> I thought '*' included everything.... looks like misreading to me... is it clear in docs?
>> Why are you even setting attrs? Do you want to *not* copy operational attributes? Usually you need to do this for things to work right, period. Note that the default for attrs if it is not specified is "*,+", which is all attributes plus all operational attributes. There is almost never a reason to not just use the default, and plenty of reasons to use it.
>> --Quanah
> That's nice and fine ... but doesn't work... I've tried without setting up attrs for syncrepl, tried with attrs="*,+"; attrs="*,authzFrom,authzTo"

How do you know it isn't working? I.e., have you specifically done an ldapsearch on the object requesting the operational attributes? Or are you just doing a normal ldapsearch? Or something else?

And if all you need is the default, there's no need to actually specify the attrs line. Helps keep you from making mistakes. ;)

--Quanah
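
The check asked about in the last message (search both servers while naming the operational attribute, then compare), as an added example that is not part of the original thread. The host name, the bind DN placeholder and the LDIF entries are constructed assumptions; only the dc=the,dc=net suffix and the authzTo attribute come from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread). LDIF below is constructed sample data.
# On live servers each dump would come from a search that names the
# operational attribute (placeholder host and bind DN):
#   ldapsearch -LLL -x -D "<bind dn>" -W -H ldap://consumer.example \
#       -b "dc=the,dc=net" authzTo

# Print sorted "dn<TAB>authzTo line" pairs from LDIF on stdin.
authz_pairs() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # unfold LDIF continuation
             { emit(); buf = $0 }
        END  { emit() }
        function emit() {
            if (buf ~ /^dn:/) dn = buf
            else if (tolower(buf) ~ /^authzto:/) print dn "\t" buf
        }' | LC_ALL=C sort
}

# Print pairs present in provider dump $1 but absent from consumer dump $2.
missing_on_consumer() {
    p=$(mktemp); c=$(mktemp)
    authz_pairs < "$1" > "$p"
    authz_pairs < "$2" > "$c"
    LC_ALL=C comm -23 "$p" "$c"
    rm -f "$p" "$c"
}

sample_provider() { cat <<'EOF'
dn: cn=proxy,ou=people,dc=the,dc=net
authzTo: dn.regex:^uid=[^,]+,ou=people,
 dc=the,dc=net$

dn: cn=webapp,ou=people,dc=the,dc=net
authzTo: dn.exact:cn=ldapadmin,ou=people,dc=the,dc=net
EOF
}

# Consumer that replicated with attrs="*": entries exist, authzTo does not.
sample_consumer() { cat <<'EOF'
dn: cn=proxy,ou=people,dc=the,dc=net

dn: cn=webapp,ou=people,dc=the,dc=net
EOF
}

demo() {
    d=$(mktemp -d)
    sample_provider > "$d/p.ldif"; sample_consumer > "$d/c.ldif"
    missing_on_consumer "$d/p.ldif" "$d/c.ldif"
    rm -rf "$d"
}
demo
```

The bind identity used for the search must be allowed to read authzTo by the access rules on each server; an identity without that right gets the entry back without the attribute, which looks the same as a replication gap.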