Hello,
I just try to set up the replication for cn=config using the example from the documentation: https://www.openldap.org/doc/admin24/replication.html
I have 3 Provider in an MMR with delta-syncrpl. Delta-syncrepl is working fine I can add and change objects from all three providers.
Then I set up the replication for cn=config. Here are the changes I made on all three providers: ----------- olcServerID: 1 ldap://hm-01.example.net olcServerID: 2 ldap://hm-02.example.net olcServerID: 3 ldap://hm-03.example.net ... # {0}config, config dn: olcDatabase={0}config,cn=config objectClass: olcDatabaseConfig olcDatabase: {0}config olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external ,cn=auth manage by * break olcRootDN: cn=admin,cn=config olcRootPW: {SSHA}Uyelb0kyqWuEqr4QmfvrpDaD7VYjeU8h olcSyncrepl: {0}rid=001 provider=ldap://hm-01.example.net binddn="cn=admin,cn= config" bindmethod=simple credentials=geheim searchbase="cn=config" type=ref reshAndPersist retry="5 5 300 5" timeout=1 starttls=yes olcSyncrepl: {1}rid=002 provider=ldap://hm-02.example.net binddn="cn=admin,cn= config" bindmethod=simple credentials=geheim searchbase="cn=config" type=refr eshAndPersist retry="5 5 300 5" timeout=1 starttls=yes olcSyncrepl: {2}rid=003 provider=ldap://hm-03.example.net binddn="cn=admin,cn= config" bindmethod=simple credentials=geheim searchbase="cn=config" type=refr eshAndPersist retry="5 5 300 5" timeout=1 starttls=yes olcMirrorMode: TRUE
# {0}syncprov, {0}config, config dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config objectClass: olcOverlayConfig objectClass: olcSyncProvConfig olcOverlay: {0}syncprov ----------------
It's same on all three providers.
When I do a change on the first provider (hm-01) the change will be replicat to hm-02 and hm-03. But if I try to change or add an ACL on one either hm-02 or hm-03 the change will not be replicated to the other providers.
I'm using Debian 10 with the OpenLDAP-packages from debian-backport version 2.4.57.
Before setting up the replication for cn=config I checked that the configuration on all three providers are the same.
So what did I do wrong or did I miss something
Stefan