Hi everyone,

I just configured a directory tuning readonly in the backend database :

olcDatabase={1}bdb,cn=config ... olcreadonly: TRUE

Good : now if I try to change anything I get an "Server is unwilling to perform (53)" from the server, for axample :

# ldappasswd -h localhost -D "uid=olivier,ou=people" -W -S "uid=guillard,ou=people" New password: Re-enter new password: Enter LDAP Password: Result: Server is unwilling to perform (53) Additional info: operation restricted

On the other hand, I also have configured this directory to get synchronized on another ldap server through a syncrepl directive, and I see that the ldap synchronization works properly: if I change my password an the master ldap, it's propagated on my "readonly" slave one.

This is good since this is exactly what I want.

However I have not found the confirmation of this behaviour in the documentation (may be I missed something), that's why I ask here :

Is it correct to configure a olcreadonly directory to be slave through syncrepl to another one ?

Thanks,

--- Olivier