What we've decided to do is to back out of the TLS and get Syncrepl/MMR working then implement TLS.
Going to keep sharp objects away from my wrists.

-----Original Message-----
From: Michael Ströder [mailto:[email protected]]
Sent: Friday, January 31, 2014 2:41 PM
To: Borresen, John - 0442 - MITLL; [email protected]
Subject: Re: Syncrepl and mmr

Borresen, John - 0442 - MITLL wrote:
> I'm not trying to implement partial replication.

Missed the smiley?

Your *first* ACL should give read access to the whole tree to the group of replicas and then pass on all other access checking to the subsequent ACLs (by * break).

Something like:

limits group="cn=replicas,dc=example,dc=com" time=unlimited size=unlimited

access to dn.subtree="ou=ampua"
  by group="cn=replicas,dc=example,dc=com" read
  by * break

Ciao, Michael.

> -----Original Message-----
> From: Michael Ströder [mailto:[email protected]]
> Sent: Friday, January 31, 2014 2:15 PM
> To: Quanah Gibson-Mount; Borresen, John - 0442 - MITLL; [email protected]
> Subject: Re: Syncrepl and mmr
>
> Quanah Gibson-Mount wrote:
>> --On Friday, January 31, 2014 1:20 PM -0500 "Borresen, John - 0442 - MITLL" <[email protected]> wrote:
>>
>>> Thanks, Quanah
>>>
>>> Not sure what you meant by " Well, it may not have been this issue, but it definitely would become an issue then."
>>>
>>> Was what I did a good thing or not? Curious minds want to know. <lol>
>>
>> The lack of read permissions for the replication user would absolutely be an issue at some point. ;)
>
> To put it the other way round:
> It's very hard to implement partial replication correctly. ;-}
>
> Ciao, Michael.
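
The effect of the "by * break" clause suggested in the thread, shown in a simplified model of slapd's ACL evaluation order. This is an added example, not part of the original messages and not OpenLDAP code; the replicator DN, the later "by users read" rule and the entry DN are constructed for illustration, and only subtree targets and the stop/break controls are modelled.

```python
# Added example: simplified model of slapd ACL evaluation order (not slapd itself).
REPLICAS = "cn=replicas,dc=example,dc=com"
# Constructed group membership; the replicator DN is an assumption.
GROUPS = {REPLICAS: {"cn=replicator,dc=example,dc=com"}}

def in_subtree(entry_dn, base):
    """True if entry_dn is base itself or lies below it ('*' matches any entry)."""
    return base == "*" or entry_dn == base or entry_dn.endswith("," + base)

def who_matches(who, bind_dn):
    """Supports '*', 'users' (any authenticated DN) and 'group:<dn>'."""
    if who == "*":
        return True
    if who == "users":
        return bind_dn != ""
    return who.startswith("group:") and bind_dn in GROUPS.get(who[6:], set())

def evaluate(acls, bind_dn, entry_dn):
    """Return the access level granted to bind_dn on entry_dn."""
    for target, clauses in acls:
        if not in_subtree(entry_dn, target):
            continue
        for who, level, control in clauses:
            if who_matches(who, bind_dn):
                if control == "break":
                    break            # hand over to the next access directive
                return level         # default control is "stop"
        else:
            return "none"            # implicit trailing "by * none"
    return "none"                    # no directive left to grant access

# First ACL from the thread, followed by a constructed later rule.
LATER = ("*", [("users", "read", "stop")])
WITH_BREAK = [("ou=ampua", [("group:" + REPLICAS, "read", "stop"),
                            ("*", None, "break")]), LATER]
WITHOUT_BREAK = [("ou=ampua", [("group:" + REPLICAS, "read", "stop")]), LATER]

def compare(bind_dn, entry_dn="uid=jdoe,ou=ampua"):
    """Access with and without the 'by * break' clause, as a tuple."""
    return (evaluate(WITH_BREAK, bind_dn, entry_dn),
            evaluate(WITHOUT_BREAK, bind_dn, entry_dn))

if __name__ == "__main__":
    for dn in ("cn=replicator,dc=example,dc=com", "uid=jdoe,ou=ampua", ""):
        print(repr(dn), compare(dn))
```

Without the break clause, the replica ACL ends evaluation for every non-replica identity with no access, so later rules for ordinary users are never reached.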
