Thanks Quanah...
Now, I'm going to ask this...
My current ACL is:
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to * by * read
Supposedly this allows the user to modify their userPassword and (in so doing) modify the shadowLastChange, allows anonymous to authenticate against these entries, and allows others to read these entries.
Am I reading that correctly...or at least close?
To give my syncrepl user (ldapadmin) access, my new ACL would be another olcAccess:
olcAccess:{2}to * by cn=ldapdmin manage
Is that correct?
Thanks in advance.
John Borresen
-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@zimbra.com]
Sent: Thursday, January 30, 2014 2:58 PM
To: Borresen, John - 0442 - MITLL; openldap-technical@openldap.org
Subject: Re: Syncrepl and mmr
--On Thursday, January 30, 2014 7:51 AM -0500 "Borresen, John - 0442 - MITLL" John.Borresen@ll.mit.edu wrote:
For some reason the original never made it. Not sure why.
________________________________________
From: Borresen, John - 0442 - MITLL
Sent: Wednesday, January 29, 2014 4:41 PM
To: openldap-technical@openldap.org
Subject: Syncrepl -- MMR
All,
Troubleshooting some issues, not to mention to verify that Syncrepl is working as it should, following setting up a 2-way multi-master in our test environment.
I noticed that the "userPassword" attributes have all disappeared?!
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
Obviously this ACL allows no access to the userPassword or shadowLastChange attributes by your replication user. Clearly this will result in the behavior you have described.
--Quanah
--
Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
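
The ACL behaviour discussed in this thread can be traced with a small model of slapd's first-match evaluation. This is an added example, not part of the original messages and not OpenLDAP code. It assumes the suffix dc=example,dc=com, the `dn.exact=` form for the replication identity, a constructed user entry, and that read access is what the replication identity needs on the provider.

```python
# Simplified model of slapd's first-match ACL evaluation (not OpenLDAP code).
# Handles only "to *", "to attrs=a,b" and who = self | anonymous | * | dn.exact=<DN>.
REPL = "cn=ldapadmin,dc=example,dc=com"        # assumed suffix; page gives only the cn
USER = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed entry DN

CURRENT = [
    "to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none",
    "to * by * read",
]
# A rule for the replication DN appended as {2}, after the two existing rules.
APPENDED = CURRENT + [f"to * by dn.exact={REPL} manage"]
# Alternative: grant the replication DN read inside {0}, ahead of "by * none".
FIXED = [
    "to attrs=userPassword,shadowLastChange by self write "
    f"by dn.exact={REPL} read by anonymous auth by * none",
    "to * by * read",
]

def parse_rule(rule):
    """Split 'to <what> by <who> <level> ...' into (attr set or None, clauses)."""
    tok = rule.split()
    attrs = None if tok[1] == "*" else {a.lower() for a in tok[1].split("=", 1)[1].split(",")}
    clauses = [(tok[i + 1], tok[i + 2]) for i in range(2, len(tok), 3)]
    return attrs, clauses

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    return who.lower() == "dn.exact=" + bind_dn.lower()

def access(rules, bind_dn, entry_dn, attr):
    """Level from the first matching 'to' and, within it, the first matching 'by'."""
    for attrs, clauses in map(parse_rule, rules):
        if attrs is None or attr.lower() in attrs:
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"          # no rule matched: access denied

if __name__ == "__main__":
    for name, rules in (("current", CURRENT), ("appended", APPENDED), ("fixed", FIXED)):
        print(name, access(rules, REPL, USER, "userPassword"), access(rules, REPL, USER, "cn"))
```

In this model a rule placed after `{0}` and `{1}` is never reached, because `{0}` already matches userPassword and `{1}` matches every other attribute.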