New version

dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001
  provider=ldaps://ldap1.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  binddn="cn=admin,dc=domain,dc=com"
  credentials=5fX?BLR2
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30+"
  timeout=1
olcSyncRepl: rid=002
  provider=ldaps://ldap2.domain.com
  searchbase="dc=domain,dc=com"
  bindmethod=simple
  binddn="cn=admin,dc=domain,dc=com"
  credentials=5fX?BLR2
  tls_reqcert=allow
  type=refreshAndPersist
  retry="30+"
  timeout=1
-
add: olcMirrorMode
olcMirrorMode: TRUE

That is, I want to replicate the database using admin. But there is an error: <olcMirrorMode> database is not a shadow.
How do I fix it? )
On 31 Jan 2020, at 15:41, Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru> wrote:

dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=domain,dc=com
olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=domain,dc=com
olcRootPW:: e1NTSEF9UThYdWNWY1BwMldsd1l3VGxtRkhWYWlrVVN5Y0hBUnk=

Begin forwarded message:

From: Quanah Gibson-Mount <quanah@symas.com>
Subject: Re: MultiMaster replication password
Date: 30 January 2020, 00:17:00 GMT+3
To: Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru>, <openldap-technical@openldap.org>
Reply-To: Quanah Gibson-Mount <quanah@symas.com>

--On Wednesday, January 29, 2020 8:07 PM +0000 Клеусов Владимир Сергеевич <Kleusov.Vladimir@wildberries.ru> wrote:
Funny. And according to that instruction, there was nothing about the ACL: =)
Now can I create an ACL without breaking replication?
Your configuration clearly comes with pre-defined ACLs. You need to appropriately modify said ACLs. As you have not provided your ACLs, there's not much help that can be offered.
Regards, Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>