Hello Quanah,
Your domain
ACLs should be contained within the domain database section, not
in the global configuration section.
Within: dn: olcDatabase={1}mdb,cn=config ?
Changes this.
This second
syncprov overlay needs to be removed. It should only occur once.
Removed the second syncprov section. Was already under the
impression that I had a duplicate declaration, but wasn't sure.
Thanks for confirming this for me.
dn: olcDatabase={1}bdb,cn=config
back-bdb is deprecated and should not be used. back-mdb should be
used instead.
Changed it to: dn: olcDatabase={1}mdb,cn=config
Something else I see, when I use jxplorer
to look at the content of a
server using the cn=config credentials I would expect to see all
values
including the empty values. On a server without olcAccess lines
I see
this, but when there are olcAccess lines I only see the
configured
values. All unset values are not visible.
I have no idea what this statement means. All values of what?
What's an empty/unset value mean?
Ok, let me give you a quick example:
Normally I would expect to see something like this for all my tables
in my cn=config tree:
But when I had the olcAccess lines in the frontend tree I didn't see
all the entries in the bottom.
I could only see the entries with a value.
Finally, with
OpenLDAP 2.4, YMMV with cn=config replication as there are missing
rules necessary for it to work correctly. This has been fixed for
OpenLDAP 2.5. Unless you really need to replicate cn=config, I
advise against it.
Ok, but the 2.5 tree is currently development tree as far as I can
see and nothing close to production ready. Or am I missing something
there?
My cn=config Syncrepl is still not working, which probably means I
have to drop that requirement for now.
Jan Hugo Prins