--On Sunday, December 06, 2015 10:43 PM +0100 Paul van der Vlis paul@vandervlis.nl wrote:
Op 06-12-15 om 22:27 schreef Quanah Gibson-Mount:
--On Sunday, December 06, 2015 10:13 PM +0100 Paul van der Vlis paul@vandervlis.nl wrote:
ldapsearch -x -b "cn=admin,dc=domain,dc=nl" -H ldapi:///
The above is an anonymous search. Do your acls actually allow results to be returned with anonymous searches?
Yes. Something like this gives "0 Success" on the replicated server: ldapsearch -x -b "cn=paul,ou=users,dc=domain,dc=nl" -H ldapi:///
Not sure what your point is. Do you mean it actually returns that user entry *as well* as returning success? There are very few instances where it will /not/ return success. Do not confuse a success result with meaning that your ACLs are correct.
And the ldapsearch with cn=admin works fine on the master.
Again, as I noted before, this could be a rootdn that doesn't actually exist in the data backed database.
Again, you should slapcat both the master and replica and confirm their contents match.
You may also which to see if your admin user actually exists in the data db on the master, or if it is a rootdn that only exists in the configuration.
--Quanah
--
Quanah Gibson-Mount Platform Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration