Hello,
I'd like to manage replicas (read-only) via ACLs.
So all replica servers would have the same config:

    olcSyncrepl: rid=001 provider=ldap://ip:389
      binddn="cn=seruser-test,ou=AppUsers,dc=test,dc=net" bindmethod=simple
      credentials=secret searchbase="dc=phonesystems,dc=net"
      type=refreshAndPersist interval=00:00:00:10 retry="60 10 300 12 7200 +"

where searchbase is the base entry.
If we want to add a subtree to a replica, we'd only have to add rights
to the ACL on the master.
Example:

    ...to dn.subtree="ou=customer,ou=suite,dc=test,dc=net"
        by group/groupOfNames/member.exact="cn=ser-test-write,ou=groups,cn=system" write
        by group/groupOfNames/member.exact="cn=ser-test-read,ou=groups,cn=system" read
        by * none

Adding

    to dn.subtree="ou=provider,ou=suite,dc=test,dc=net"
        by group/groupOfNames/member.exact="cn=ser-test-write,ou=groups,cn=system" write
        by group/groupOfNames/member.exact="cn=ser-test-read,ou=groups,cn=system" read
        by * none

would add the subtree "ou=provider,ou=suite,dc=test,dc=net" to the replica.
It would be easier to manage replicas. Is it possible to implement this
solution?
Thank you
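
The scheme described in the message above, as an added example that is not part of the original post and is not OpenLDAP code: a simplified Python model of first-match ACL evaluation showing which entries the replication bind DN could read before and after the second rule is added on the master. It assumes that cn=seruser-test is a member of the ser-test-read group and that a DN matched by no rule gets no access; the entry list and group membership are constructed.

```python
# Simplified model (assumption): the first "to" clause whose subtree contains
# the entry applies, then the first matching "by" clause decides the level.
LEVELS = {"none": 0, "read": 1, "write": 2}

READ_GROUP = "cn=ser-test-read,ou=groups,cn=system"
WRITE_GROUP = "cn=ser-test-write,ou=groups,cn=system"
REPLICA_DN = "cn=seruser-test,ou=AppUsers,dc=test,dc=net"

# Constructed membership: the replication identity is only in the read group.
GROUPS = {READ_GROUP: {REPLICA_DN}, WRITE_GROUP: set()}

def subtree_rule(base):
    """ACL of the shape used in the post: write group, read group, '* none'."""
    return (base, [(WRITE_GROUP, "write"), (READ_GROUP, "read"), ("*", "none")])

def in_subtree(dn, base):
    # Simplified DN comparison: case-insensitive, no whitespace normalisation.
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def access(acls, who, dn):
    for base, by_clauses in acls:
        if in_subtree(dn, base):
            for subject, level in by_clauses:
                if subject == "*" or who in GROUPS.get(subject, ()):
                    return level
            return "none"
    return "none"  # no rule matched the entry

def replicated(acls, who, entries):
    """Entries the bind DN can read, i.e. what a consumer bound as it could see."""
    return [dn for dn in entries if LEVELS[access(acls, who, dn)] >= LEVELS["read"]]

ENTRIES = [  # constructed sample tree under the suffix used in the ACLs
    "dc=test,dc=net",
    "ou=suite,dc=test,dc=net",
    "ou=customer,ou=suite,dc=test,dc=net",
    "cn=acme,ou=customer,ou=suite,dc=test,dc=net",
    "ou=provider,ou=suite,dc=test,dc=net",
    "cn=carrier1,ou=provider,ou=suite,dc=test,dc=net",
    "ou=billing,ou=suite,dc=test,dc=net",
]
BEFORE = [subtree_rule("ou=customer,ou=suite,dc=test,dc=net")]
AFTER = BEFORE + [subtree_rule("ou=provider,ou=suite,dc=test,dc=net")]

if __name__ == "__main__":
    for label, acls in (("before", BEFORE), ("after", AFTER)):
        print(label, replicated(acls, REPLICA_DN, ENTRIES))
```

In this model the parent entries dc=test,dc=net and ou=suite,dc=test,dc=net are never readable by the replication identity, because no rule grants access to them.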