Hi,
I've been trying to set up OpenLDAP Master-Master replication running on SITE A (Datacenter 1) & SITE B (Datacenter 2). I could successfully set up the sync between these masters. Changes are synchronized between the sites without any issues. Now I got a new requirement that "SITE A users/entries/objects should not be modifiable by SITE B and vice versa, but both have to send updates (sync) to each other."
I'm not aware how do I go with this. Will I need to think of having different OUs configured for each site and sync the OUs, control the write access with ACL?
Please suggest.
Regards,
Mohan
--On Wednesday, September 05, 2012 10:53 PM +0530 "S, Mohan (GE Energy)" mohan.sekar@ge.com wrote:
> I'm not aware how do I go with this. Will I need to think of having different OUs configured for each site and sync the OUs, control the write access with ACL?
I would assume each master would have a unique set of ACLs defining what identity/identities can write to them. The replication stanza would use its own unique DN that has full read access on whatever master it talks to. Write operations read in via syncrepl are done at an internal admin level, so it has full write access to its own DB.
--Quanah
--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration
openldap-technical@openldap.org
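
One way to lay out the per-master ACLs and replication identity described in the reply above, shown for the SITE A master. This is an added example, not configuration posted by either participant. The suffix `dc=example,dc=com`, the `ou=SiteA`/`ou=SiteB` subtrees, the `cn=replicator` DN and the `cn=SiteA-Admins` group are all assumptions.

```conf
# slapd.conf fragment for the SITE A master (database section).
# Assumed names: dc=example,dc=com, ou=SiteA, ou=SiteB,
# cn=replicator, cn=SiteA-Admins. Adjust to your DIT.
# SITE B uses the same layout with SiteA and SiteB swapped.

# The DN the peer's syncrepl stanza binds as must be able to read
# every entry, so lift search limits for it.
limits dn.exact="cn=replicator,dc=example,dc=com" size=unlimited time=unlimited

# Passwords of local (SITE A) entries: writable by SITE A admins only.
access to dn.subtree="ou=SiteA,dc=example,dc=com" attrs=userPassword
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by group.exact="cn=SiteA-Admins,ou=Groups,dc=example,dc=com" write
    by anonymous auth
    by * none

# Passwords everywhere else (including ou=SiteB): no client may write.
access to attrs=userPassword
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by anonymous auth
    by * none

# Local subtree: this is the only place clients of this master may write.
access to dn.subtree="ou=SiteA,dc=example,dc=com"
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by group.exact="cn=SiteA-Admins,ou=Groups,dc=example,dc=com" write
    by users read
    by * none

# Everything else, including ou=SiteB: read-only for clients.
# SITE B changes still arrive here, because writes applied by syncrepl
# run at an internal admin level and are not checked against these ACLs.
access to *
    by dn.exact="cn=replicator,dc=example,dc=com" read
    by users read
    by * none
```

The `rootdn` is not subject to ACLs, so this separation holds only if day-to-day administration at each site uses the group identities rather than the `rootdn`.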