Hi List,
I'm attempting to set up replication of schema, olcAccess and olcLimits. It appears replicating the schema works, but the olcAccess and olcLimits do not appear to replicate under olcDatabase={2}bdb,cn=config. (Additionally the DIT under dc=une,dc=edu,dc=au is also replicated without issue).
The syncprov overlay is in place:

root@ldap-master-dev [DEV] ~/ldap-config/# ldapsearch -Y EXTERNAL -H ldapi:// -LL -b olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {0}syncprov
The SyncUser has access to read the cn=schema,cn=config and olcDatabase={2}bdb,cn=config branches:

root@ldap-master-dev [DEV] ~/ldap-config/# ldapsearch -Y EXTERNAL -H ldapi:// -LL -b olcDatabase={0}config,cn=config olcAccess
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: olcDatabase={0}config,cn=config
olcAccess: {0}to dn.subtree="cn=schema,cn=config" by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=SyncUser,dc=une,dc=edu,dc=au" read by * none
olcAccess: {1}to dn.subtree="olcDatabase={2}bdb,cn=config" by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by dn="cn=SyncUser,dc=une,dc=edu,dc=au" read by * none
olcAccess: {2}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by * none

dn: olcOverlay={0}syncprov,olcDatabase={0}config,cn=config
On the consumer side, I've added the following two olcSyncRepl entries to the olcDatabase={2}bdb,cn=config:

root@ldap-slave-dev-00 [DEV] ~/ldap-slave-config/# ldapsearch -Y EXTERNAL -H ldapi:/// -LL -b olcDatabase={0}config,cn=config olcSyncRepl
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
version: 1

dn: olcDatabase={0}config,cn=config
olcSyncrepl: {0}rid=001 provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD" searchbase="cn=schema,cn=config" type=refreshAndPersistinterval=00:00:00:10 retry="5 5 300 5" timeout=1
olcSyncrepl: {1}rid=003 provider=ldap://ldap-master-dev.server.une.edu.au bindmethod=simple binddn="cn=SyncUser,dc=une,dc=edu,dc=au" credentials="PASSWORD" searchbase="olcDatabase={2}bdb,cn=config" attrs="olcDbIndex,olcDbConfig,olcAccess,olcLimits" type=refreshAndPersist interval=00:00:00:10 retry="5 5 300 5" timeout=1

I don't follow why this doesn't work.
Any suggestions?
Thanks