The error message is a bit garbled (obviously the Base DN is wrong) but the error is basically correct. You're trying to replicate the wrong thing from the wrong place. Setting a syncrepl consumer on the olcDatabase={1}mdb database lets you replicate the *content* of that database. To replicate the *configuration* of that database your consumer must be set where that configuration is stored.Igor Zinovik wrote:
Hello.
I'm trying to replicate access rules and limits for one of my databases, but
with no success:
suse:~ # cat olcAccess-syncrepl.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: {1}rid=002
provider=ldap://ldap1.local
bindmethod=simple
binddn="cn=admin,cn=config"
credentials="TopSecret"
searchbase="olcDatabase={1}mdb,cn=config"
attrs="olcAccess,olcLimits"
timeout=3
network-timeout=0
starttls=yes
tls_cert="/etc/openldap/ldap.pem"
tls_key="/etc/openldap/ldap.key"
tls_cacert="/etc/ssl/local-ca.pem"
tls_reqcert=demand
tls_crlcheck=none
suse:~ # ldapmodify -H ldap://ldap2.local -ZZxWD cn=admin,cn=config -f
olcAccess-syncrepl.ldif
Enter LDAP Password:
modifying entry "olcDatabase={1}mdb,cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
additional info: Base DN "olcAccess,olcLimits" is not within the
database naming context
> slapd-2.4.33 if it matters.
The configuration is stored in olcDatabase={0}config.