Le 24/02/2012 18:45, Jehan Procaccia a écrit :
Hello,
I cannot figure out why on one of my replicas, I cannot browse the DIT . Apache Directory Studio for example, only show the "root DSE(2)", but the base DN (namingContext or directory suffix, whatever you call it ...) isn't visible !? on my others replicas and the master, everything is fine, I do browse the DIT, the browser shows "root DSE(3)" with the suffix visible. I might be missing something obvious, but cannot figure out what. I checked ACL:
access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to dn.subtree="dc=int-evry,dc=fr" by dn="cn=admin,dc=int-evry,dc=fr" write by users read
but still, the suffix dc=int-evry,dc=f doesn't shows up on that particular replica !? I run openldap-servers-2.4.23-20.el6.i686 with cn=config created from a slapd.conf transformed with slaptest -f .
Any help greatly appreciated .
I found the reason why my replica wasn't complete in syncrepl config I had filtered on "filter="(objectclass=interOrgPerson)"" in order to get only people's objects (partial replica) now I modified to filter="(objectClass=*)" and everything is right .
However, I still would like to replicate only some OUs under baseDN (ou=people and ou=group,ou=system) but not the remaining of OUs below ou=system => ou=Hosts , ou=Networks, ou=Protocol. How can I remove those branches to replicate ? my actual syncrepl config that replicate all: syncrepl rid=001 provider=ldaps://master.domain.fr type=refreshAndPersist searchbase="dc=int-evry,dc=fr" filter="(objectClass=*)" attrs="*" scope=sub schemachecking=on bindmethod=simple retry="60 10 300 +" binddn="cn=replic,ou=System,dc=int-evry,dc=fr" credentials="secret" updateref ldaps://master.domain.fr:636