Quanah Gibson-Mount <qua...@symas.com> wrote:
> > emm ... I was sure I can not do that on the master side ... just I try
> > do that, I receive full data ...
>
> Then likely your ACLs were incorrect?

yes, they were

at last I was able to fix that and get it working the way (I believe) I want:

---[ slave configuration quotation start ]-------------------------------------------
...
syncrepl rid=0
        ...
        searchbase="dc=example"
        ...
...
---[ slave configuration quotation end ]-------------------------------------------

---[ master configuration quotation start ]-------------------------------------------
...
access to dn.children="cn=example-accesslog"
        by dn.one="ou=repl,ou=system,dc=example" read
        by * break

access to dn.regex="^uid=(.*)@(.*),authorizedService=(mail|xmpp)@(.*),uid=(.*),ou=People,dc=example$"
        attrs=entry,entryCSN,entryUUID,objectClass,cn,o,uid,uidNumber,gidNumber,gecos,homeDirectory,loginShell,userPassword,creatorsName,createTimestamp,modifiersName,modifyTimestamp,mail,rfc822MailMember,sn,telephoneNumber,authorizedService,mu-mailBox
        by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
        by * break

access to dn.regex="ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example"
        by dn.exact="uid=replABC,ou=repl,ou=system,dc=example" read
        by * stop
...
# the final ACL
access to *
        by set="[cn=admin,ou=group,dc=example]/memberUid & user/uid" write
        by peername.ip=127.0.0.1 read
        by self read
        by users search
        by * break
...
---[ master configuration quotation end ]-------------------------------------------

thank you all, for help!

--
Zeus V. Panchenko                               jid:z...@im.ibs.dn.ua
IT Dpt., I.B.S. LLC                             GMT+2 (EET)
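
An added example, not part of the original message: a quick check of which entry DNs the two dn.regex clauses above select for uid=replABC, next to a tightened form of the first pattern. The sample DNs, the function name and the SERVICE_STRICT pattern are assumptions made for illustration; Python's re stands in for slapd's regex matching.

```python
import re

# dn.regex targets copied from the master configuration above.
SERVICE = (r"^uid=(.*)@(.*),authorizedService=(mail|xmpp)@(.*),"
           r"uid=(.*),ou=People,dc=example$")
SUBTREE = r"ou=ABC,ou=Sendmail,dc=example|ou=ABC,ou=DHCP,dc=example"

# Hypothetical tightened variant (not from the post): [^,]+ keeps each
# value inside a single RDN, so the pattern also fixes the entry depth.
SERVICE_STRICT = (r"^uid=[^,]+@[^,]+,authorizedService=(mail|xmpp)@[^,]+,"
                  r"uid=[^,]+,ou=People,dc=example$")

def selected_by(dn, service_pattern=SERVICE):
    """Name the dn.regex clause that selects dn for uid=replABC, or None.

    Assumption: slapd applies dn.regex as an unanchored, case-insensitive
    POSIX extended regex to the normalized DN; re.search with IGNORECASE
    gives the same answer for these patterns.
    """
    for name, pattern in (("service", service_pattern), ("subtree", SUBTREE)):
        if re.search(pattern, dn, re.IGNORECASE):
            return name
    return None

# Constructed sample DNs (not from the post).
SAMPLES = [
    "uid=alice@example.org,authorizedService=mail@example.org,uid=alice,ou=People,dc=example",
    "authorizedService=mail@example.org,uid=alice,ou=People,dc=example",
    "uid=alice,ou=People,dc=example",
    "uid=bob@example.org,authorizedService=ssh@example.org,uid=bob,ou=People,dc=example",
    "cn=host1,ou=ABC,ou=DHCP,dc=example",
    "ou=XYZ,ou=DHCP,dc=example",
    # Deeper than intended: (.*) can span commas, so extra RDNs still match.
    "uid=a@b,authorizedService=mail@c,uid=x,ou=Other,uid=y,ou=People,dc=example",
]

if __name__ == "__main__":
    # Columns: clause matched as posted, clause matched with the strict form, DN.
    for dn in SAMPLES:
        print(f"{selected_by(dn)!s:8} {selected_by(dn, SERVICE_STRICT)!s:8} {dn}")
```

The third ACL has no ^ or $, so it selects the two ou=ABC containers and everything beneath them; the first is anchored, but its (.*) groups can still cross RDN boundaries.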