I'm getting the following in the slurpd replica folder on the master ldap.

[EMAIL PROTECTED] replica]# cat 10.101.2.10\:389.rej
ERROR: Insufficient access: no write access to parent
replica: 10.101.2.10:389
time: 1124818381.0
dn: cn=test3,dc=local,dc=gov
changetype: add
cn: test3
objectClass: top
objectClass: person
sn: test3
userPassword:: YWRtaW4=
structuralObjectClass: person
entryUUID: b2c5e8d0-a847-1029-8c36-b5add10b8e8a
creatorsName: cn=admin,dc=local,dc=gov
createTimestamp: 20050823173301Z
entryCSN: 20050823173301Z#000001#00#000000
modifiersName: cn=admin,dc=local,dc=gov
modifyTimestamp: 20050823173301Z

The updatedn and binddn have an entry that has write access to the slave database.

access to *
        by dn.base=" " write

The replica entry exists on the slave and master.

My master slapd.conf looks like this:

database        bdb
suffix          "dc=local,dc=gov"
rootdn          "cn=admin,dc=local,dc=gov"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          admin
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
replogfile      /usr/local/var/openldap-data/replication.log
replica uri=ldap://10.101.2.10:389
        binddn="cn=Replicator,dc=local,dc=gov"
        bindmethod=simple credentials=admin
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq

My slave slapd:

access to *
        by dn.base="cn=Replicator,dc=local,dc=gov" write
        by anonymous auth
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
database        bdb
suffix          "dc=local,dc=gov"
rootdn          "cn=admin,dc=local,dc=gov"
# Cleartext passwords, especially for the rootdn, should
# be avoid.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw          admin
updatedn        "cn=Replicator,dc=local,dc=gov"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /usr/local/var/openldap-data
# Indices to maintain
index   objectClass     eq

Thanks
Moe

Quanah Gibson-Mount <[EMAIL PROTECTED]> wrote:

--On Wednesday, August 17, 2005 1:55 PM -0700 Moe wrote:

> Hi,
>
> I'm doing a master slave replication. In the updatedn, openldap Admin
> guide says that updatedn entry: 1- should not generally be the rootdn
> 2- have write permission to the slave database
> updatedn "cn=replica,dc=elawsbs,dc=local"
>
> - Should replica be an entry in the slave database only or in the master

Your master and replica databases should be exactly the same, so it would be an entry in both.

> and slave database? - How do I give replica entry write access to the
> slave database?

You use ACL's. I suggest you read up on how to define ACLs.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
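
A consistency check for the replication settings discussed in this thread, as an added example that is not part of the original messages: it verifies that the master's replica binddn is the slave's updatedn and is granted write by a slave ACL, and flags a rootpw stored without a {SCHEME} hash prefix. The function names and the simplified slapd.conf parsing are assumptions; the sample configs are abridged from the ones quoted in the thread.

```python
import re
# Constructed sample input, abridged from the two slapd.conf files quoted in the thread.
MASTER_CONF = '''\
rootpw admin
replica uri=ldap://10.101.2.10:389
        binddn="cn=Replicator,dc=local,dc=gov"
        bindmethod=simple credentials=admin
'''
SLAVE_CONF = '''\
access to *
        by dn.base="cn=Replicator,dc=local,dc=gov" write
        by anonymous auth
rootpw admin
updatedn "cn=Replicator,dc=local,dc=gov"
'''

def directives(conf):
    """Simplified slapd.conf reader: drop comments, join indented continuation lines."""
    out = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and out:
            out[-1] += " " + line.strip()
        else:
            out.append(line.strip())
    return out

def dns(pattern, lines):
    """DNs captured by pattern, lowercased, spaces around commas removed (rough compare)."""
    return {re.sub(r"\s*,\s*", ",", dn.lower())
            for d in lines for dn in re.findall(pattern, d)}

def check_replication(master, slave):
    """Return a list of findings; no binddn findings means binddn, updatedn and ACL agree."""
    m, s = directives(master), directives(slave)
    acl = [d for d in s if d.startswith("access to")]
    bind = dns(r'^replica\s.*binddn="([^"]+)"', m)
    upd = dns(r'^updatedn\s+"([^"]+)"', s)
    writers = dns(r'by\s+dn(?:\.\w+)?="([^"]+)"\s+write', acl)
    findings = []
    for dn in sorted(bind):
        if dn not in upd:
            findings.append(f"master binddn {dn} is not the slave updatedn")
        if dn not in writers:
            findings.append(f"no slave ACL grants write to {dn}")
    for name, lines in (("master", m), ("slave", s)):
        if any(re.match(r"rootpw\s+[^{\s]", d) for d in lines):
            findings.append(f"{name}: rootpw is stored in cleartext")
    return findings
```

On the configs as posted, the binddn, updatedn and ACL agree and only the cleartext rootpw findings are returned.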
