Borresen, John - 0442 - MITLL wrote:
I'm not trying to implement partial replication.
Missed the smiley?
Your *first* ACL should give read access to the whole tree to the group of
replicas and then pass on all other access checking to the subsequent ACLs (by
by group="cn=replicas,dc=example,dc=com" read
by * break
From: Michael Ströder [mailto:firstname.lastname@example.org]
Sent: Friday, January 31, 2014 2:15 PM
To: Quanah Gibson-Mount; Borresen, John - 0442 - MITLL; openldap-technical(a)openldap.org
Subject: Re: Syncrepl and mmr
Quanah Gibson-Mount wrote:
> --On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 -
> <John.Borresen(a)ll.mit.edu> wrote:
>> Thanks, Quanah
>> Not sure what you meant by " Well, it may not have been this issue, but
>> it definite would become an issue then."
>> Was what I did a good thing or not? Curious minds want to know. <lol>
> The lack of read permissions for the replication user would absolutely be an
> issue at some point. ;)
To put it the other way round:
It's very hard to implement partial replication correctly. ;-}