Looks ok to me. Did you set your replica up to fully resynch after making the acl changes on the master and restarting slapd on it (the master)?
--Quanah
I do this:
[root@victory3 ldap]# /etc/init.d/ldap stop && rm -fr /var/lib/ldap/*.* /var/lib/ldap/alock && /etc/init.d/ldap start
[root@victory3 ldap]# ldapsearch -x -Z -h victory2.srg.com -D "cn=Manager,dc=srg,dc=com" -w secret -b cn=test3,dc=srg,dc=com
# extended LDIF
#
# LDAPv3
# base <cn=test3,dc=srg,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# test3, srg.com
dn: cn=test3,dc=srg,dc=com
objectClass: top
objectClass: person
userPassword:: e02A2X1IR3RTVEN2VDBoZitwakFKekw4ZU1nPT0=
sn: test3
cn: test3

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@victory3 ldap]# ldapsearch -x -D "cn=Manager,dc=srg,dc=com" -w secret -b cn=test3,dc=srg,dc=com
# extended LDIF
#
# LDAPv3
# base <cn=test3,dc=srg,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
matchedDN: dc=srg,dc=com

# numResponses: 1
uid=user,ou=People entries replicate fine, as well as services and everything else that came from the migration tools. But those test entries and the SambaDomainName entry at the top level don't replicate.
Should I start the consumer with a certain debug level and look into an error?
I just started slapd with -s 205 -d 205 2>debug.txt. After letting it run for a minute, there is no "test2" or "test3" in the resulting output, though every other entry is.
Should we be looking into the provider?