Thanks Quanah...

Now, I'm going to ask this...

My current ACL is:

olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to * by * read

Supposedly this allows the user to modify their userPassword and (in so doing) 
modify the shadowLastChange, allows anonymous to authenticate against these 
entries, and allows others to read these entries.

Am I reading that correctly...or at least close?

To give my syncrepl user (ldapadmin) access, my new ACL would be another olcAccess:

olcAccess:{2}to * by cn=ldapdmin manage

Is that correct?

Thanks in advance.  

John Borresen

-----Original Message-----
From: Quanah Gibson-Mount [mailto:[email protected]] 
Sent: Thursday, January 30, 2014 2:58 PM
To: Borresen, John - 0442 - MITLL; [email protected]
Subject: Re: Syncrepl and mmr

--On Thursday, January 30, 2014 7:51 AM -0500 "Borresen, John - 0442 - MITLL" 
<[email protected]> wrote:

> For some reason the original never made it.  Not sure why.
> ________________________________________
> From: Borresen, John - 0442 - MITLL
> Sent: Wednesday, January 29, 2014 4:41 PM
> To: [email protected]
> Subject: Syncrepl -- MMR
>
> All,
>
> Troubleshooting some issues, not to mention to verify that Syncrepl 
> are working as they should, following setting up a 2-way multi-master 
> in our test environment.
>
>
> 1)      I noticed that the "userPassword" attributes have all
> disappeared?!


> olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none

Obviously this ACL allows no access to the userPassword or shadowLastChange 
attributes by your replication user.  Clearly this will result in the behavior 
you have described.

--Quanah

--

Quanah Gibson-Mount
Architect - Server
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
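
The effect Quanah describes can be checked with a small model of how slapd selects an access level. This is an added example, not part of the thread and not OpenLDAP code; it assumes slapd's first-match selection of the `to` clause and then of the `by` clause, with an implicit final `by * none`. The DNs and the `APPENDED` and `REPL_IN_RULE0` rule sets are constructed for illustration.

```python
# Simplified model of how slapd picks an access level (added example).
# Covers only the selectors seen in this thread: attrs=, *, self,
# anonymous, plus an exact DN. All DNs below are constructed.

def parse(rule):
    """'to <what> by <who> <level> ...' -> (what, [(who, level), ...])."""
    what, *clauses = rule.split(" by ")
    return what[len("to "):], [tuple(c.rsplit(" ", 1)) for c in clauses]

def what_matches(what, attr):
    if what == "*":
        return True
    names = what[len("attrs="):].lower().split(",")
    return attr.lower() in names

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None          # unauthenticated bind
    if who == "self":
        return requester == entry_dn
    return who == "dn.exact=" + str(requester)

def access(acl, requester, entry_dn, attr):
    """First matching <what> is selected, then its first matching <who>."""
    for rule in acl:
        what, clauses = parse(rule)
        if what_matches(what, attr):
            for who, level in clauses:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"                 # implicit trailing "by * none"
    return "none"                         # no rule selected the attribute

USER = "uid=jdoe,ou=people,dc=example,dc=com"   # constructed entry DN
REPL = "cn=ldapadmin,dc=example,dc=com"         # constructed replication DN

PAGE_ACL = [   # the two rules quoted in the thread, in order {0}, {1}
    "to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none",
    "to * by * read",
]
# A rule appended after "to * by * read" (hypothetical {2})
APPENDED = PAGE_ACL + ["to * by dn.exact=" + REPL + " manage"]
# One possible arrangement: a "by" clause for the replication DN inside {0}
REPL_IN_RULE0 = [PAGE_ACL[0].replace("by self", "by dn.exact=" + REPL + " read by self"),
                 PAGE_ACL[1]]

if __name__ == "__main__":
    for name, acl in [("page", PAGE_ACL), ("appended", APPENDED), ("repl in {0}", REPL_IN_RULE0)]:
        print(name, "->", access(acl, REPL, USER, "userPassword"))
```

In this model a rule placed after `to * by * read` is never selected, so the replication DN's access to `userPassword` changes only when a matching `by` clause appears in, or before, rule {0}.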
